Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System won't boot - looking for tsk7E91.tmp


  • This topic is locked This topic is locked
14 replies to this topic

#1 sliwowitz

sliwowitz

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 15 April 2010 - 05:00 AM

I caught a bad virus - Rootkit.WIN32.tdss.d. After an attempt to clean it using AVG LiveCD (which found and deleted several trojans), the system won't boot anymore. It opens the "Startup Repair" tool which reports a critical boot file "C:\Windows\System32\drivers\tsk7E91.tmp" corrupted (in fact the file isn't there).

The fact that I can't find any information about "tsk7E91.tmp" and the weird (for a boot critical file) .tmp extension leads me to believe this is a remant of some virus/trojan. If it really isn't a real boot critical file, is it possible to somehow tell Vista not to try to load this file at all?

BC AdBot (Login to Remove)

 


#2 projectfocus

projectfocus

  • Members
  • 479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brighton
  • Local time:07:01 PM

Posted 15 April 2010 - 07:25 AM

That is the problem with Rootkits they change the files that boot as part of the machine startup before windows. If this file has been deleted before the entry from the boot has een removed then I am not sure what you can do. You could try creating a file in that location from a live cd and see if it will boot but I gather this file is to perform an action that the rootkit wanted it to. Restore from backup would be a good option.
FocusToonSigStreched.jpg

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 15 April 2010 - 01:10 PM

Hi, projectfocus smile.gif

welcome.gif

Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standart Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 15 April 2010 - 03:39 PM

Thanks for your reply. Today I run an adittional scan using Kaspersky LiveCD. It found yet another occurence of Rootkit.WIN32.tdss.d in C:\Windows\System32\drivers\volmgr.sys and claimed it removed the infection. The computer is still unbootable though.

OTL.txt:
OTL logfile created on: 4/15/2010 10:51:56 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 41.18 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive D: | 7.52 Gb Total Space | 7.52 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive E: | 11.84 Gb Total Space | 1.89 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 13:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/08 04:21:52 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 18:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 14:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | Boot] -- -- (klmdb)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/04/15 17:17:36 | 000,052,792 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/11/03 10:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 14:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 12:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/24 21:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/09/01 08:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/09 06:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 02:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 00:42:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 00:39:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 00:19:14 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/19 19:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 06:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:24:59 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 22:24:25 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 22:23:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2008/01/20 22:23:51 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 07:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 09:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 09:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 09:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx2.sys -- (NVENETFD)

DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Admin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 13:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 16:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 16:24:19 | 000,000,000 | ---D | M]

[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 04:55:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions
[2010/04/11 16:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 16:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml



O1 HOSTS File: ([2010/04/12 16:45:20 | 000,385,927 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13313 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe File not found
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Admin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\Admin_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\Admin_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.80.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe) - C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (hggdda.dll) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 22:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 04:41:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/04/12 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/12 17:34:04 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/12 17:11:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/12 15:33:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/12 14:10:09 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2010/04/12 14:10:09 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2010/04/12 14:10:08 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/04/12 14:10:08 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2010/04/12 14:10:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2010/04/12 14:10:08 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2010/04/12 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/12 13:57:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/12 13:57:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/12 13:57:58 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/12 13:57:34 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/12 13:57:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/12 13:57:31 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/12 13:57:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/12 13:57:31 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/12 13:57:31 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/12 13:57:31 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/12 13:57:31 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/12 13:57:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/12 13:57:31 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/12 13:57:31 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/12 13:57:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/12 13:57:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/12 13:57:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/12 13:57:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/12 13:57:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/12 13:57:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/12 13:57:30 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/12 13:57:30 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/12 13:57:30 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/12 13:57:30 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/12 13:57:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/12 13:57:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/12 13:57:30 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/12 13:57:30 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/12 13:57:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/12 13:57:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/12 13:57:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/12 13:57:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/12 13:57:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/12 13:57:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/12 13:57:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/12 13:57:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/12 13:57:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/12 13:56:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/12 13:56:26 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 05:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/11 22:17:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/11 22:17:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/11 22:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/11 17:22:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/11 16:42:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 16:41:38 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/11 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 11:31:50 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/04/10 11:31:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010/04/10 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 08:28:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/10 08:28:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/10 08:28:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/10 08:28:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/10 08:28:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/10 08:28:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/10 08:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/10 08:28:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/10 08:28:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/10 08:28:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/10 08:28:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/10 08:28:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/10 08:28:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/10 08:28:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/10 08:28:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\PSeries
[2010/03/26 02:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/26 02:16:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/16 01:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 17:17:36 | 000,052,792 | ---- | M] () -- C:\Windows\System32\drivers\volmgr.sys
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 05:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 18:04:37 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/12 16:45:20 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/12 05:33:32 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/12 01:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/12 00:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/11 21:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:19:16 | 000,011,486 | -HS- | M] () -- C:\Users\Admin\AppData\Local\1ND8Ib1
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:42:33 | 000,011,466 | -HS- | M] () -- C:\Users\Admin\AppData\Local\2154574951
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
[2010/03/22 04:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/04/12 17:35:18 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:12:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2010/04/12 14:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/11 16:25:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/10 11:42:31 | 000,011,466 | -HS- | C] () -- C:\Users\Admin\AppData\Local\2154574951
[2010/04/10 11:34:09 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/10 11:34:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/10 11:34:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/10 11:34:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/10 11:34:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/10 11:33:58 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/10 11:33:56 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/10 11:33:53 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/10 11:33:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/10 11:33:47 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/10 11:33:44 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/10 11:33:41 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/10 11:33:37 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/10 11:33:33 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/10 11:33:29 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/10 11:33:26 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/10 11:33:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/10 11:33:21 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/10 11:33:16 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/10 11:33:08 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/10 11:33:04 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/10 11:33:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/10 11:32:56 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/10 11:32:52 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/10 11:31:38 | 000,011,486 | -HS- | C] () -- C:\Users\Admin\AppData\Local\1ND8Ib1
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/13 16:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 06:23:26 | 000,000,110 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 22:36:30 | 000,027,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 03:45:10 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:44:36 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/09/06 16:09:46 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/06 16:09:12 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/08/06 05:06:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/20 22:23:01 | 000,052,792 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/12 18:04:37 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/12 04:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/13 05:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/12 06:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/12 07:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/12 11:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/12 12:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/12 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/12 15:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/12 17:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/10 11:36:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/11 21:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/11 23:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/12 00:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/12 01:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/13 05:03:54 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2008/09/18 00:35:07 | 003,470,904 | ---- | M] (Microsoft Corporation) MD5=03279407E78F76BA1131DAB35A5E55C0 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntoskrnl.exe
[2009/08/05 10:10:22 | 003,548,216 | ---- | M] (Microsoft Corporation) MD5=09C5FB44F152EFF551A112C931DDE640 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b\ntoskrnl.exe
[2008/09/18 00:27:44 | 003,472,952 | ---- | M] (Microsoft Corporation) MD5=1E09CE4D9BB7B6521FB023CAE2E55F63 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntoskrnl.exe
[2008/09/18 01:09:09 | 003,549,240 | ---- | M] (Microsoft Corporation) MD5=1FD3E8BFFD38F9B145E4B2B238B692F7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntoskrnl.exe
[2009/12/08 16:52:16 | 003,546,200 | ---- | M] (Microsoft Corporation) MD5=20D040ECE9A8F578D1D938256F34B663 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_6bebb9e4b4557ed5\ntoskrnl.exe
[2008/04/26 04:11:33 | 003,549,240 | ---- | M] (Microsoft Corporation) MD5=22D444D3D88A4C299894B3638A114BF7 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
[2009/12/08 18:29:12 | 003,469,912 | ---- | M] (Microsoft Corporation) MD5=2972EEF8E834883EEC7C1995639341EF -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_6a8cef97d04e8e42\ntoskrnl.exe
[2009/03/03 00:24:50 | 003,469,280 | ---- | M] (Microsoft Corporation) MD5=3910FE042C707E6BACD0FEC5AB9ECDE6 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
[2009/03/03 00:46:01 | 003,547,632 | ---- | M] (Microsoft Corporation) MD5=393BB8FE05D66ABA7B091E6032179272 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
[2009/08/05 13:15:59 | 003,547,736 | ---- | M] (Microsoft Corporation) MD5=3EEEDCCFB587BCB0E2DE075332498C11 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e\ntoskrnl.exe
[2009/08/05 10:28:44 | 003,467,864 | ---- | M] (Microsoft Corporation) MD5=4765C66A89E7151626FF3545B01D2601 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243\ntoskrnl.exe
[2009/08/05 10:22:41 | 003,546,184 | ---- | M] (Microsoft Corporation) MD5=5302026B0FADB0819009798D3F6BCD77 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39\ntoskrnl.exe
[2009/08/04 08:34:19 | 003,548,216 | ---- | M] (Microsoft Corporation) MD5=575DD16BF4C21C2F7E2BBE203AC1E957 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137\ntoskrnl.exe
[2009/12/08 16:01:02 | 003,548,216 | ---- | M] (Microsoft Corporation) MD5=664CA09C523FAB9D01BE6C4028C1B58B -- C:\Windows\System32\ntoskrnl.exe
[2009/12/08 16:01:02 | 003,548,216 | ---- | M] (Microsoft Corporation) MD5=664CA09C523FAB9D01BE6C4028C1B58B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_6dd5fb98b17a03ce\ntoskrnl.exe
[2008/01/20 22:24:42 | 003,548,728 | ---- | M] (Microsoft Corporation) MD5=6700F35EBA206E5C89AC27C9A124DC01 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
[2009/04/11 02:32:49 | 003,549,672 | ---- | M] (Microsoft Corporation) MD5=6798DBF3F25721637AEF5B6C69911C9C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[2009/03/03 00:22:43 | 003,471,328 | ---- | M] (Microsoft Corporation) MD5=808C86316AED98716C5F305A6265F393 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
[2008/04/26 04:25:54 | 003,549,240 | ---- | M] (Microsoft Corporation) MD5=C9CD31B3CBA8134F2B47FB5E78376ACC -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
[2009/12/08 16:54:53 | 003,467,848 | ---- | M] (Microsoft Corporation) MD5=CD2EEBFA39E742C8C066CCE09382A19B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_6a017a16b7328888\ntoskrnl.exe
[2009/12/08 16:36:58 | 003,548,760 | ---- | M] (Microsoft Corporation) MD5=D32E95B17477E183F6019A99BE799BA9 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_6c755895cd731bc6\ntoskrnl.exe
[2009/08/05 10:10:15 | 003,469,896 | ---- | M] (Microsoft Corporation) MD5=D8DCA438CE571DB20BD8C4915CAC0760 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f\ntoskrnl.exe
[2008/09/18 00:54:49 | 003,549,752 | ---- | M] (Microsoft Corporation) MD5=DEA801F2D9FD1DB35ED6B9BC4A6657F1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntoskrnl.exe
[2009/03/03 00:37:19 | 003,548,656 | ---- | M] (Microsoft Corporation) MD5=DFF34C5D66AB4BF1EED47BF19D1267BB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
[2009/12/08 16:14:53 | 003,550,264 | ---- | M] (Microsoft Corporation) MD5=FB82B0147B7D93379B68F8A6A5828C70 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_6e4cf969caa5277f\ntoskrnl.exe

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2008/04/24 22:23:11 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/24 22:00:19 | 000,000,385 | -H-- | M] () -- C:\IPH.PH
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/15 08:24:10 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys
[2010/04/13 04:34:59 | 000,013,094 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_13.04.2010_10.34.46_log.txt
[2010/04/13 04:40:37 | 000,013,094 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_13.04.2010_10.40.20_log.txt
[2010/04/13 04:42:13 | 000,012,290 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_13.04.2010_10.42.10_log.txt
[2010/04/13 04:46:48 | 000,009,316 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_13.04.2010_10.46.32_log.txt
[2010/04/13 04:52:36 | 000,009,320 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_13.04.2010_10.52.29_log.txt
[2010/03/22 04:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\TDSSKiller.exe

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >
[/code]

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 15 April 2010 - 04:11 PM

Save these instructions in your flash drive.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :files
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At10.job
    C:\Windows\Tasks\At11.job
    C:\Windows\Tasks\At12.job
    C:\Windows\Tasks\At13.job
    C:\Windows\Tasks\At14.job
    C:\Windows\Tasks\At15.job
    C:\Windows\Tasks\At16.job
    C:\Windows\Tasks\At17.job
    C:\Windows\Tasks\At18.job
    C:\Windows\Tasks\At19.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At20.job
    C:\Windows\Tasks\At21.job
    C:\Windows\Tasks\At22.job
    C:\Windows\Tasks\At23.job
    C:\Windows\Tasks\At24.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job
    C:\Windows\Tasks\At9.job
    C:\Windows\Tasks\SCHEDLGU.TXT
    C:\TDSSKiller.2.2.8.1_13.04.2010_10.34.46_log.txt
    C:\TDSSKiller.2.2.8.1_13.04.2010_10.40.20_log.txt
    C:\TDSSKiller.2.2.8.1_13.04.2010_10.42.10_log.txt
    C:\TDSSKiller.2.2.8.1_13.04.2010_10.46.32_log.txt
    C:\TDSSKiller.2.2.8.1_13.04.2010_10.52.29_log.txt

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe"
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    [HKEY_LOCAL_MACHINE\system\ControlSet001\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      volmgr.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 15 April 2010 - 08:39 PM

log file:
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\SCHEDLGU.TXT moved successfully.
C:\TDSSKiller.2.2.8.1_13.04.2010_10.34.46_log.txt moved successfully.
C:\TDSSKiller.2.2.8.1_13.04.2010_10.40.20_log.txt moved successfully.
C:\TDSSKiller.2.2.8.1_13.04.2010_10.42.10_log.txt moved successfully.
C:\TDSSKiller.2.2.8.1_13.04.2010_10.46.32_log.txt moved successfully.
C:\TDSSKiller.2.2.8.1_13.04.2010_10.52.29_log.txt moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\Windows\\system32\\userinit.exe," /E : value set successfully!
HKEY_LOCAL_MACHINE\system\ControlSet001\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTLPE by OldTimer - Version 3.1.37.1 log created on 04162010_050433


The TDSSKiller* files were just log files form TDSS rootkit removal tool form Kaspersky http://support.kaspersky.com/viruses/solutions?qid=208280684 which actually failed to remove the trojan, because the trojan was probably a newer version as decribed at http://forum.kaspersky.com/index.php?showt...65380&st=20



OTL.txt:
OTL logfile created on: 4/16/2010 6:18:06 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 41.18 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 1.89 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 13:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/08 04:21:52 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 18:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 14:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | Boot] -- -- (klmdb)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/04/15 17:17:36 | 000,052,792 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/11/03 10:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 14:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 12:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/24 21:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/09/01 08:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/09 06:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 02:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 00:42:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 00:39:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 00:19:14 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/19 19:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 06:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:24:59 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 22:24:25 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 22:23:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2008/01/20 22:23:51 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 07:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 09:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 09:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 09:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Admin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 13:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 16:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 16:24:19 | 000,000,000 | ---D | M]

[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 04:55:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions
[2010/04/11 16:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 16:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/12 16:45:20 | 000,385,927 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13313 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe File not found
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Admin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\Admin_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\Admin_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.80.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe) - C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (hggdda.dll) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 22:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 05:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/13 04:41:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/04/12 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/12 17:34:04 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/12 17:11:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/12 15:33:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/12 14:10:09 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2010/04/12 14:10:09 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2010/04/12 14:10:08 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/04/12 14:10:08 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2010/04/12 14:10:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2010/04/12 14:10:08 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2010/04/12 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/12 13:57:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/12 13:57:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/12 13:57:58 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/12 13:57:34 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/12 13:57:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/12 13:57:31 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/12 13:57:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/12 13:57:31 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/12 13:57:31 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/12 13:57:31 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/12 13:57:31 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/12 13:57:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/12 13:57:31 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/12 13:57:31 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/12 13:57:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/12 13:57:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/12 13:57:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/12 13:57:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/12 13:57:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/12 13:57:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/12 13:57:30 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/12 13:57:30 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/12 13:57:30 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/12 13:57:30 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/12 13:57:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/12 13:57:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/12 13:57:30 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/12 13:57:30 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/12 13:57:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/12 13:57:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/12 13:57:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/12 13:57:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/12 13:57:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/12 13:57:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/12 13:57:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/12 13:57:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/12 13:57:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/12 13:56:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/12 13:56:26 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 05:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/11 22:17:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/11 22:17:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/11 22:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/11 17:22:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/11 16:42:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 16:41:38 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/11 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 11:31:50 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/04/10 11:31:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010/04/10 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 08:28:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/10 08:28:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/10 08:28:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/10 08:28:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/10 08:28:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/10 08:28:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/10 08:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/10 08:28:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/10 08:28:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/10 08:28:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/10 08:28:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/10 08:28:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/10 08:28:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/10 08:28:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/10 08:28:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\PSeries
[2010/03/26 02:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/26 02:16:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/16 01:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 17:17:36 | 000,052,792 | ---- | M] () -- C:\Windows\System32\drivers\volmgr.sys
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 16:45:20 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 05:33:32 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:19:16 | 000,011,486 | -HS- | M] () -- C:\Users\Admin\AppData\Local\1ND8Ib1
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:42:33 | 000,011,466 | -HS- | M] () -- C:\Users\Admin\AppData\Local\2154574951
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
[2010/03/22 04:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/04/12 17:35:18 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:12:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2010/04/12 14:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/11 16:25:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/10 11:42:31 | 000,011,466 | -HS- | C] () -- C:\Users\Admin\AppData\Local\2154574951
[2010/04/10 11:31:38 | 000,011,486 | -HS- | C] () -- C:\Users\Admin\AppData\Local\1ND8Ib1
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/13 16:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 06:23:26 | 000,000,110 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 22:36:30 | 000,027,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 03:45:10 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:44:36 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/09/06 16:09:46 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/06 16:09:12 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/08/06 05:06:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/20 22:23:01 | 000,052,792 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: VOLMGR.SYS >
[2006/11/02 05:50:24 | 000,050,280 | ---- | M] (Microsoft Corporation) MD5=103E84C95832D0ED93507997CC7B54E8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\volmgr.sys
[2010/04/15 17:17:36 | 000,052,792 | ---- | M] () MD5=A0949408CD9D24E9C2CEFA90B12F1435 -- C:\Windows\System32\drivers\volmgr.sys
< End of report >


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 15 April 2010 - 10:49 PM

Save these instructions in your flash drive.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :files
    C:\Users\Admin\AppData\Local\2154574951
    C:\Users\Admin\AppData\Local\1ND8Ib1
    C:\Windows\System32\drivers\volmgr.sys|C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys /replace

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.
Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      volmgr.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 16 April 2010 - 02:25 AM

Still not booting :-( Startup Repair now reports:
"Root cause found: Startup Repair has tried several times but still cannot determine the cause of the problem"

log:
========== FILES ==========
C:\Users\Admin\AppData\Local\2154574951 moved successfully.
C:\Users\Admin\AppData\Local\1ND8Ib1 moved successfully.
File C:\Windows\System32\drivers\volmgr.sys successfully replaced with C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys

OTLPE by OldTimer - Version 3.1.37.1 log created on 04162010_124847


OTL.txt:
OTL logfile created on: 4/16/2010 1:59:52 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 41.18 Gb Free Space | 23.60% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 1.89 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 7.52 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 13:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/08 04:21:52 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 18:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 14:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | Boot] -- -- (klmdb)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/11/03 10:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 14:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 12:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/24 21:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/09/01 08:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/09 06:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 02:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 00:42:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 00:39:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 00:19:14 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/19 19:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 06:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:24:59 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 22:24:25 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 22:23:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2008/01/20 22:23:51 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 07:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 09:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 09:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 09:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Admin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 13:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 16:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 16:24:19 | 000,000,000 | ---D | M]

[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 04:55:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions
[2010/04/11 16:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 16:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/12 16:45:20 | 000,385,927 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13313 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe File not found
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Admin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\Admin_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\Admin_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.80.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe) - C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (hggdda.dll) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 22:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 05:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/12 17:34:04 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/12 17:11:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/12 15:33:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/12 14:10:09 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2010/04/12 14:10:09 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2010/04/12 14:10:08 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/04/12 14:10:08 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2010/04/12 14:10:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2010/04/12 14:10:08 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2010/04/12 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/12 13:57:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/12 13:57:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/12 13:57:58 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/12 13:57:34 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/12 13:57:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/12 13:57:31 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/12 13:57:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/12 13:57:31 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/12 13:57:31 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/12 13:57:31 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/12 13:57:31 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/12 13:57:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/12 13:57:31 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/12 13:57:31 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/12 13:57:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/12 13:57:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/12 13:57:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/12 13:57:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/12 13:57:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/12 13:57:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/12 13:57:30 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/12 13:57:30 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/12 13:57:30 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/12 13:57:30 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/12 13:57:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/12 13:57:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/12 13:57:30 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/12 13:57:30 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/12 13:57:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/12 13:57:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/12 13:57:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/12 13:57:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/12 13:57:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/12 13:57:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/12 13:57:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/12 13:57:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/12 13:57:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/12 13:56:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/12 13:56:26 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 05:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/11 22:17:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/11 22:17:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/11 22:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/11 17:22:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/11 16:42:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 16:41:38 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/11 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 11:31:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 11:31:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010/04/10 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 08:28:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/10 08:28:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/10 08:28:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/10 08:28:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/10 08:28:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/10 08:28:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/10 08:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/10 08:28:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/10 08:28:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/10 08:28:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/10 08:28:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/10 08:28:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/10 08:28:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/10 08:28:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/10 08:28:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\PSeries
[2010/03/26 02:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/26 02:16:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/16 10:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 16:45:20 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 05:33:32 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2010/04/12 17:35:18 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:12:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2010/04/12 14:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/11 16:25:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/13 16:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 06:23:26 | 000,000,110 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 22:36:30 | 000,027,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 03:45:10 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:44:36 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/09/06 16:09:46 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/06 16:09:12 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/08/06 05:06:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: VOLMGR.SYS >
[2006/11/02 05:50:24 | 000,050,280 | ---- | M] (Microsoft Corporation) MD5=103E84C95832D0ED93507997CC7B54E8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\drivers\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\volmgr.sys
< End of report >
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [File_System | Boot] -- -- (klmdb)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/11/03 10:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 14:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 12:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/24 21:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/09/01 08:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/09 06:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 02:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 00:42:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 00:39:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 00:19:14 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/19 19:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 06:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:24:59 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 22:24:25 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 22:23:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2008/01/20 22:23:51 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 07:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 09:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 09:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 09:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Admin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 13:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 16:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 16:24:19 | 000,000,000 | ---D | M]

[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 04:55:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions
[2010/04/11 16:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 16:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/12 16:45:20 | 000,385,927 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13313 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe File not found
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe File not found
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Admin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKU\Admin_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\Admin_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.80.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe) - C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (hggdda.dll) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 22:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 05:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/12 17:34:04 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/12 17:11:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/12 15:33:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/12 14:10:09 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2010/04/12 14:10:09 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2010/04/12 14:10:08 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/04/12 14:10:08 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2010/04/12 14:10:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2010/04/12 14:10:08 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2010/04/12 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/12 13:57:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/12 13:57:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/12 13:57:58 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/12 13:57:34 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/12 13:57:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/12 13:57:31 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/12 13:57:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/12 13:57:31 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/12 13:57:31 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/12 13:57:31 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/12 13:57:31 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/12 13:57:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/12 13:57:31 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/12 13:57:31 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/12 13:57:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/12 13:57:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/12 13:57:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/12 13:57:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/12 13:57:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/12 13:57:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/12 13:57:30 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/12 13:57:30 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/12 13:57:30 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/12 13:57:30 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/12 13:57:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/12 13:57:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/12 13:57:30 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/12 13:57:30 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/12 13:57:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/12 13:57:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/12 13:57:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/12 13:57:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/12 13:57:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/12 13:57:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/12 13:57:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/12 13:57:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/12 13:57:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/12 13:56:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/12 13:56:26 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 05:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/11 22:17:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/11 22:17:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/11 22:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/11 17:22:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/11 16:42:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 16:41:38 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/11 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 11:31:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 11:31:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010/04/10 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 08:28:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/10 08:28:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/10 08:28:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/10 08:28:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/10 08:28:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/10 08:28:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/10 08:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/10 08:28:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/10 08:28:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/10 08:28:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/10 08:28:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/10 08:28:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/10 08:28:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/10 08:28:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/10 08:28:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\PSeries
[2010/03/26 02:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/26 02:16:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/16 10:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 16:45:20 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 05:33:32 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2010/04/12 17:35:18 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:12:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2010/04/12 14:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/11 16:25:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/13 16:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 06:23:26 | 000,000,110 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 22:36:30 | 000,027,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 03:45:10 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:44:36 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/09/06 16:09:46 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/06 16:09:12 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/08/06 05:06:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: VOLMGR.SYS >
[2006/11/02 05:50:24 | 000,050,280 | ---- | M] (Microsoft Corporation) MD5=103E84C95832D0ED93507997CC7B54E8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\drivers\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\volmgr.sys

< End of report >
[2010/04/16 10:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:59:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Local\Temp
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2010/04/12 16:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 15:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/04/12 15:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 17:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/04/11 17:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/11 17:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/11 17:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/04/11 17:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/11 17:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/04/11 17:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/04/11 17:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/04/11 17:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/04/11 17:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2010/04/11 17:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/04/11 16:57:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:38:20 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/11 16:25:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Local\Mozilla
[2010/04/11 16:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/04/10 11:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/10 11:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\ICQ6
[2010/04/10 11:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\LightScribe
[2010/04/10 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2010/04/10 10:01:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk
[2010/03/31 16:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\PSeries
[2010/03/02 12:10:54 | 000,072,440 | ---- | M] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/06 06:23:37 | 000,000,110 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/02/16 13:00:29 | 000,076,791 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/23 01:44:50 | 000,076,791 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/07 03:45:10 | 000,024,206 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

========== Files - Modified Within 30 Days ==========

[2010/04/16 10:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 16:45:20 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 05:33:32 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 11:31:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: VOLMGR.SYS >
[2006/11/02 05:50:24 | 000,050,280 | ---- | M] (Microsoft Corporation) MD5=103E84C95832D0ED93507997CC7B54E8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\drivers\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\volmgr.sys
[2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) MD5=69503668AC66C77C6CD7AF86FBDF8C43 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\volmgr.sys

< End of report >


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 16 April 2010 - 10:12 AM

Save these instructions in your flash drive.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    DRV - File not found [File_System | Boot] -- -- (klmdb)
    O2 - BHO: (no name) - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe File not found
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe File not found
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe File not found
    O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe File not found
    O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe File not found
    O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe File not found
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe File not found
    O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe File not found
    O4 - HKU\Admin_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
    O4 - HKU\Admin_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
    O4 - HKU\Admin_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
    O30 - LSA: Authentication Packages - (hggdda.dll) - File not found

    :Files
    C:\MSDOS.SYS
    C:\IO.SYS
    C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup
    C:\TDSSKiller.exe

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.
Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      %SYSTEMDRIVE%\*.*
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 16 April 2010 - 01:31 PM

Computer still unbootable, same symptoms (it just launches Startup Repair tool which is unable to identify any problem)

logfile: (I already deleted the TDSSKiller.exe file which was a Kaspersky tool for tdss rootkit removal)
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\klmdb deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpWirelessAssistant deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OnScreenDisplay deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QlbCtrl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QPService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UCam_Menu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WAWifiMessage deleted successfully.
Registry value HKEY_USERS\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\LightScribe Control Panel deleted successfully.
Registry value HKEY_USERS\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
Registry value HKEY_USERS\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Authentication Packages:hggdda.dll deleted successfully.
========== FILES ==========
C:\MSDOS.SYS moved successfully.
C:\IO.SYS moved successfully.
C:\Windows\System32\drivers\etc\hosts.20100412-223526.backup moved successfully.
File\Folder C:\TDSSKiller.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 84145126 bytes
->Temporary Internet Files folder emptied: 1004276606 bytes
->Java cache emptied: 226814 bytes
->FireFox cache emptied: 33127084 bytes
->Flash cache emptied: 1568022 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2834 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 108645 bytes

Total Files Cleaned = 1,071.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.37.1 log created on 04172010_012425

OTL.txt:
OTL logfile created on: 4/17/2010 4:22:30 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 42.26 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 1.89 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 7.51 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 13:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/08 04:21:52 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 18:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 14:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/04/13 05:04:51 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/11/03 10:33:40 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/10/14 14:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 12:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/24 21:27:25 | 000,634,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2009/09/01 08:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/09 06:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 02:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 02:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 02:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 00:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 00:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV - [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/04/11 00:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 00:42:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 00:39:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 00:19:14 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/11 00:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/04/11 00:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 00:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 00:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/03/19 19:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 06:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:24:59 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/20 22:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/20 22:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/20 22:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/20 22:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/20 22:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/20 22:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/20 22:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/20 22:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/20 22:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/20 22:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/20 22:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/20 22:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/20 22:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/20 22:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/20 22:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/20 22:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/20 22:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/20 22:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/20 22:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/20 22:24:25 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2008/01/20 22:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/20 22:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/20 22:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/20 22:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/20 22:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/20 22:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/20 22:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/20 22:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/20 22:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 22:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/20 22:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/20 22:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/20 22:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/20 22:23:53 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2008/01/20 22:23:51 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/20 22:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/20 22:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/20 22:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/20 22:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/20 22:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/20 22:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,134,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/01/20 22:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2008/01/20 22:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/20 22:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/20 22:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/20 22:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV - [2008/01/20 22:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/20 22:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/20 22:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2008/01/20 22:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2008/01/20 22:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/01/20 22:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/01/20 22:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/01/20 22:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/20 22:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/20 22:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/20 22:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\errdev.sys -- (ErrDev)
DRV - [2008/01/18 07:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 09:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 09:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 09:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 04:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 04:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 04:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 03:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 02:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 19:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Admin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 13:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 16:25:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/11 16:24:19 | 000,000,000 | ---D | M]

[2010/04/11 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/04/11 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/13 04:55:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions
[2010/04/11 16:37:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\htjhygxk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 16:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/12 17:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/04/17 01:32:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\Admin_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.80.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Admin_ON_C Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe) - C:\RECYCLER\S-1-5-21-7996042067-7810651846-615693512-1793\mgrls32.exe File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 22:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ff64c099-4b96-11de-a49a-00218674afc6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 01:32:21 | 000,552,448 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/04/16 05:04:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/12 17:34:04 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/12 17:11:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/12 15:33:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/12 14:10:09 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2010/04/12 14:10:09 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2010/04/12 14:10:08 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/04/12 14:10:08 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2010/04/12 14:10:08 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2010/04/12 14:10:08 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2010/04/12 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/12 13:57:59 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/12 13:57:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/12 13:57:58 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/12 13:57:34 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/12 13:57:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/12 13:57:31 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/12 13:57:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/12 13:57:31 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/12 13:57:31 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/12 13:57:31 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/12 13:57:31 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/12 13:57:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/12 13:57:31 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/12 13:57:31 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/12 13:57:31 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/12 13:57:31 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/12 13:57:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/12 13:57:31 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/12 13:57:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/12 13:57:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/12 13:57:30 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/12 13:57:30 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/12 13:57:30 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/12 13:57:30 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/12 13:57:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/12 13:57:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/12 13:57:30 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/12 13:57:30 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/12 13:57:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/12 13:57:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/12 13:57:06 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/12 13:57:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/12 13:57:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/12 13:57:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/12 13:57:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/12 13:57:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/12 13:57:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/12 13:56:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/12 13:56:26 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/12 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/12 05:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/11 22:17:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/11 22:17:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/11 22:17:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/11 17:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/11 17:22:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/11 16:42:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 16:41:38 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/11 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2010/04/11 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2010/04/11 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 11:31:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 11:31:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010/04/10 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/10 08:28:16 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/10 08:28:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/10 08:28:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/10 08:28:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/10 08:28:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/10 08:28:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/10 08:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/10 08:28:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/10 08:28:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/10 08:28:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/10 08:28:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/10 08:28:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/10 08:28:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/10 08:28:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/10 08:28:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\PSeries
[2010/03/26 02:16:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/26 02:16:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 30 Days ==========

[2010/04/17 01:32:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/04/17 01:08:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 05:03:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 05:03:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/13 05:03:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 05:03:41 | 001,489,477 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/04/13 05:00:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 05:00:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 05:00:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 04:50:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/13 04:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job
[2010/04/12 18:08:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 17:35:18 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 17:34:04 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/04/12 16:39:24 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-224520.backup
[2010/04/12 16:35:26 | 000,385,927 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100412-223924.backup
[2010/04/12 16:19:42 | 000,007,620 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:17:57 | 000,000,045 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/12 05:15:38 | 000,027,648 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 17:27:28 | 000,300,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/11 16:39:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/11 16:25:11 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/10 12:00:30 | 189,147,276 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/04 10:44:08 | 000,002,587 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2010/04/12 17:35:18 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/04/12 17:35:18 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/04/12 16:04:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2010/04/12 14:12:06 | 000,000,045 | ---- | C] () -- C:\Windows\System32\_WKERNEL.SYL
[2010/04/12 14:10:08 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2010/04/12 14:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/11 16:25:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/13 16:26:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 06:23:26 | 000,000,110 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/24 22:36:30 | 000,027,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 03:45:10 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2008/09/06 18:07:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\FnF4.txt
[2008/09/06 16:44:36 | 000,007,620 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/09/06 16:09:46 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001
[2008/09/06 16:09:12 | 000,076,791 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\QSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\DSwitch.txt
[2008/09/06 16:05:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\AtStart.txt
[2008/08/06 05:06:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/22 14:12:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2008/12/01 03:28:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyPublisher
[2008/09/06 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SupportSoft
[2009/09/06 06:23:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2008/09/26 03:00:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/04/13 03:35:43 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8C2336CB-8BFD-47A7-89A1-03CE8BF80215}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/24 22:23:11 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/04/24 22:00:19 | 000,000,385 | -H-- | M] () -- C:\IPH.PH
[2010/04/16 14:15:21 | 000,358,200 | ---- | M] () -- C:\OTL.Txt
[2010/03/15 12:11:09 | 000,552,448 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/04/15 08:24:10 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys
< End of report >

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 16 April 2010 - 03:25 PM

Hi, sliwowitz smile.gif

I have removed what I saw may interfere with the boot process. Perhaps the boot record may be corrupted or the Boot Process it self .We can run utilities in the Repair option to fix the the boot process and MBR. There is always the possibility that you may lose your data in the process. Therefore I would suggest you backup your important documents before proceeding throughout the Reatogo environment.

Lets start with the least invasive.

First, you must verify that you can access the Vista Recovery Environment.
To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Vista installation dvd and restart, then press any key when prompted to boot from the cd.
At the Install Windows screen, select Repair your computer. (image below)



Take note of the drive letter assigned to your operating system, as shown below. Select the Command Prompt.




Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

bcdedit /export X:\BCD_Backup <--- the red x represents your operating system drive letter, as shown in the image above. Replace it with the actual letter.
X:
cd boot
attrib bcd -s -h -r
ren X:\boot\bcd bcd.old
bootrec /RebuildBcd



Type Exit and press Enter. Restart the computer to test.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 17 April 2010 - 05:09 AM

I don't have a Vista installation CD, but there is some recovery partition (it's a HP laptop) which has the tools displayed in the second screenshot.

OK. Now I get a black screen - Windows Boot Manager. Telling me:
File: \Windows\system32\drivers\tsk7E91.tmp
Status: 0xc000000f
Info: Windows failed to load because a critical system driver is missing or corrupt.

Pressing Enter gives me an option to boot windows normally etc. Any choice leads to the same error screen.

#13 sliwowitz

sliwowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 17 April 2010 - 08:56 AM

I posted too early - this time selecting Restore last working configuration (or something similar) worked and let me boot the machine. I run Windows update and everything seems to be working now. Thanks a lot for your help, JSntgRvr. thumbup.gif

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 17 April 2010 - 10:15 AM

Lets scan for remnants.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

====================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 27 April 2010 - 01:01 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users