
Crashed Windows XP Hard Drive


  • This topic is locked
151 replies to this topic

#1 finalera

finalera

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 25 April 2010 - 11:56 PM

I recently contracted a vicious virus, so I did some research and downloaded the recommended software. Unfortunately, this is the kinda virus that just doesn't give your hard drive any breaks. The little light that signifies activity on my computer was just blinking, non-stop. Anyway, once I downloaded the anti-virus that was specifically designed to clean this thing, I tried to start it, but the computer wasn't responding, so I just clicked it off.

When I went to restart, the computer failed to load, so I'm assuming my hard drive crashed. My priority was to recover some of the data I had saved to that computer, and fortunately, I stumbled upon a magical USB device on eBay that basically helped me recover all my Word documents.

That said, I have a lot of other stuff that a simple flash drive won't be able to transport to another computer. In a perfect world, I can fix my hard drive and retain all the files, and get rid of this virus. I already have the anti-virus to attack the virus. I just need my hard drive to kick in.

But is it possible? Or does the only way of recovering my hard drive come by deleting everything?

I heard that a "Clean Install" could fix corrupted files and possibly retain all the memory? But I have no idea how to perform it. I bought some CD-ROM on eBay that claimed it can "Clean Install," but I don't see it on the menu.

I popped the CD in, and the menu options are...

QUOTE
1. Runs fdisk to Creat and Delete Partitions
3. Deletes ALL partitions on your Primary drive
5. Runs delpart to selectively delete partitions
7. Formats your C:Drive
9. Sets BIOS to default to erase BIOS password
11. Runs Hardware Diagnostic
13. Displays HELPFILE FROM WEBPAGE
15. Runs NTFS utility to Read/Write to NTFS HDDs
17. Launches a DOS virus scanner
19. Finds your Windows 9X Product Key
21. ZeroFills hard drive, aka Low Level Format
23. Makes your hard drive bootable to Win98SE DOS
25. Transfers CDrom drivers to your hard drive


I don't have any training in programming, so none of this stuff makes sense to me. The ad said something like, "Repair, Recover Hard Drive." Suffice it to say, I don't see that option.

I read that "formatting" your hard drive means cleaning it out and returning it to the state it was in when newly purchased. Even if that's true, I'm hoping there's a method that can fix whatever corrupt files are preventing my Windows XP from booting up, without deleting any of my files.

Any suggestions and advice would be greatly appreciated.

Edited by Pandy, 28 April 2010 - 08:08 AM.
Moved from Windows XP to a more appropriate forum ~Pandy




#2 tjwh

tjwh

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 26 April 2010 - 09:24 AM

Because you were able to pull some documents from the drive it is not dead. Getting your data back is therefore quite easy:

-Buy an external HDD drive case
-Remove the harddrive from the computer and place it in the HDD case. Make sure everything is connected and DO NOT LET THE DRIVE HIT ANYTHING ((HARD)) WHEN YOU MOUNT IT
-Procure a computer and disable autorun for connected media/discs, whatever, on this computer (this is important to prevent the infection from spreading!!)
-Connect the mount by USB (2.0) to a computer
-Copy all data you want to save from the drive to a safe place on the computer (and scan for viruses using an offline scanner or an online scanner such as Kaspersky)


Alternatively, if you have a Windows XP recovery CD and the partition where your system was installed contained only system files and no important data, you could:
-reformat system partition
-reinstall OS

I'd stick with the external HDD drive mount because almost everyone can do it and it takes no time

#3 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 26 April 2010 - 01:17 PM

QUOTE(tjwh @ Apr 26 2010, 10:24 AM) View Post
Because you were able to pull some documents from the drive it is not dead. Getting your data back is therefore quite easy:

-Buy an external HDD drive case
-Remove the harddrive from the computer and place it in the HDD case. Make sure everything is connected and DO NOT LET THE DRIVE HIT ANYTHING ((HARD)) WHEN YOU MOUNT IT
-Procure a computer and disable autorun for connected media/discs, whatever, on this computer (this is important to prevent the infection from spreading!!)
-Connect the mount by USB (2.0) to a computer
-Copy all data you want to save from the drive to a safe place on the computer (and scan for viruses using an offline scanner or an online scanner such as Kaspersky)


Alternatively, if you have a Windows XP recovery CD and the partition where your system was installed contained only system files and no important data, you could:
-reformat system partition
-reinstall OS

I'd stick with the external HDD drive mount because almost everyone can do it and it takes no time


Thanks for the quick reply.

I know my way around basic functions on the computer, but those instructions are a bit too vague for me.

Would you recommend an "External HDD Drive Case" for me? For example, brand, model, etc.? I don't know the first thing about these things, or whether they're all the same or if I need to look for one that'll specifically operate my hard drive, etc.

I also have no idea how to "disable autorun."

The alternative method sounds fine, as well, but I don't have an XP Recovery CD. I lost the one that came with my computer. And I have no idea how to "partition" anything on the computer.


#4 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • BC Advisor
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:07:13 AM

Posted 26 April 2010 - 01:42 PM

To the original poster and all who read:

This case requires special attention available only from a qualified Staff member (most likely a Malware Removal Team Member).

This topic has been reported to the proper place, and action will soon be taken to start the cleaning/fixing process.

finalera, hold off on performing any actions until your topic is taken by a Staff member. Sit tight for a day or so, while a Staff member gets to your topic.

Thanks and have a nice day,

kN
PICNIC - Problem In Chair, Not In Computer


20 Things I Learned About Browsers and the Web

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:13 AM

Posted 26 April 2010 - 01:48 PM

The simplest way of recovering data files from an infected system...remove the hard drive, attach it directly to the motherboard of the clean/protected system...move the data files (after scanning the infected drive from the clean system).

System manufacturer and model?

<<I'm hoping there's a method that can fix whatever corrupt files are preventing my Windows XP from booting up, without deleting any of my files.>>

If that's true, you should be posting in the Am I Infected forum for treating malware situations, rather than this forum.

If you want your thread moved to that forum, indicate such and I will move it.

Louis



#6 tjwh

tjwh

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 26 April 2010 - 03:56 PM

QUOTE(hamluis @ Apr 26 2010, 08:48 PM) View Post
The simplest way of recovering data files from an infected system...remove the hard drive, attach it directly to the motherboard of the clean/protected system...move the data files (after scanning the infected drive from the clean system).

System manufacturer and model?

<<I'm hoping there's a method that can fix whatever corrupt files are preventing my Windows XP from booting up, without deleting any of my files.>>

If that's true, you should be posting in the Am I Infected forum for treating malware situations, rather than this forum.

If you want your thread moved to that forum, indicate such and I will move it.

Louis


Yes, I fully agree with you, but he has little computing experience, that's why I would recommend the external HDD casing.

Finalera, regarding the external HDD casing. If you open up your computer case, look at the HDD and see a very wide cable running into it (and not the 4 wire power cable), then it's IDE. If it's a smaller cable, it's SATA. You want a casing that can support exactly this (rest is unimportant). It doesn't really matter what brand you pick, as long as it supports the drive (so IDE or SATA). They are not that expensive, so you can't really go wrong with them.

Before you hook up the casing to the new system, be sure to disable auto play so viruses that are present won't enter the PC you are using. You can do this by following the instructions in this article. Be sure to scan the files you obtained to make sure they don't contain viruses!

Also, I second the opinions expressed by the gentlemen above me that you apply for help on one of the selected forums for this to get rid of the malware on the drive. They can almost certainly help you and you can maybe even get your pc back up and running + your files without having to take it apart.

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:13 AM

Posted 26 April 2010 - 06:53 PM

Hi, finalera

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
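
Added example, not part of the post above and not OTL's own code: a sketch of the kind of check the /md5start ... /md5stop list asks for, assuming the directive means "find every copy of each named file and report its MD5". It is meant to be run from a clean system against the mounted drive; `WATCHED` is a subset of the posted names, and the function names, verdict labels and sample tree are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

# A few of the names listed between /md5start and /md5stop in the post.
WATCHED = ("atapi.sys", "eventlog.dll", "scecli.dll", "netlogon.dll",
           "userinit.exe", "explorer.exe", "ntoskrnl.exe")


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, names=WATCHED):
    """Map each watched name (lower-cased) to [(path, size, md5-or-None), ...]."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            key = fname.lower()          # Windows file names are case-insensitive
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                copies[key].append((full, os.path.getsize(full), md5_of(full)))
            except OSError:              # locked or damaged file: record it, keep going
                copies[key].append((full, None, None))
    return copies


def review(copies, names=WATCHED):
    """Return {name: 'missing'|'unreadable'|'zero-byte'|'mismatch'|'consistent'}."""
    verdicts = {}
    for name in names:
        found = copies.get(name.lower(), [])
        if not found:
            verdict = "missing"
        elif any(md5 is None for _p, _s, md5 in found):
            verdict = "unreadable"
        elif any(size == 0 for _p, size, _m in found):
            verdict = "zero-byte"
        elif len({md5 for _p, _s, md5 in found}) > 1:
            verdict = "mismatch"         # copies of the same name differ in content
        else:
            verdict = "consistent"
        verdicts[name.lower()] = verdict
    return verdicts


def build_sample_tree():
    """Constructed sample data: a tiny fake WINDOWS tree in a temp directory."""
    root = tempfile.mkdtemp(prefix="offline_volume_")
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": b"driver build A",
        "WINDOWS/system32/dllcache/ATAPI.SYS": b"driver build B",   # differs
        "WINDOWS/system32/userinit.exe": b"same bytes",
        "WINDOWS/system32/dllcache/userinit.exe": b"same bytes",
        "WINDOWS/explorer.exe": b"",                                 # empty file
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    try:
        found = find_copies(sample)
        for name, verdict in review(found).items():
            print(f"{name:14} {verdict}")
            for path, size, md5 in found.get(name, []):
                print(f"    {md5}  {str(size):>8}  {path}")
    finally:
        shutil.rmtree(sample)
```

A mismatch is a lead, not a verdict: Windows updates legitimately leave older builds of a file in backup folders, so differing hashes still need checking against a known-good copy of the same version.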


#8 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 27 April 2010 - 08:16 PM

Wow, thanks for the help. The functional computer doesn't have a CD burner, so I'll have to employ my friend's laptop over the weekend. Hopefully, I can do it sooner though. Thanks again. I'll post the results as soon as I can.

#9 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 28 April 2010 - 10:37 PM

Just tried it, and it froze at the Free pe REATOGO screen. It just has the logo, and underneath it, "Starting WB Themes."

So far, 700 seconds and counting... and the CD also stopped spinning. It took probably a half hour to reach this point, BTW. It definitely doesn't load up very promptly.

#10 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 28 April 2010 - 10:46 PM

Tried it for a second time, and this time, it didn't go quite as far. It just got stuck on the blue screen, without the logo. And it gave an error message that reads, "lsass.exe - Application Error. The application failed to initialize properly. Press OK to terminate." I didn't get it all down, because before I can even hit the "OK" button, the computer rebooted by itself.

#11 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 28 April 2010 - 11:08 PM

Third attempt, and it's at 800 seconds and counting. This time, though, it said, "Setting up Networking" underneath the REATOGO logo, when it gave me a message to click "OK."

"X:\i386\System32\NET.EXE is not a valid Win32 application."

I clicked "OK," and just kept waiting. Now it says, "Network - Tcp/IP protocal" underneath the logo...

Not sure when it's gonna fully load...

#12 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 28 April 2010 - 11:30 PM

Wow, finally got through. The nonresponsive computer is currently undergoing the scan as recommended. I'm not sure how long the process will take, but I might leave the computer running overnight if it doesn't complete before I go to bed. I'll post the result as soon as I can, though. Thanks again!

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:13 AM

Posted 28 April 2010 - 11:32 PM

Sometimes it is due to a bad download or a bad burn.

If still experiencing problems, run this application in the computer you used to download OTLPE.iso. The results will let us know if it is due to a bad download:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    QUOTE
    :filefind
    OTLPE.iso

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by JSntgRvr, 28 April 2010 - 11:33 PM.



#14 finalera

finalera
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 29 April 2010 - 12:00 AM

Fortunately, the scan was successful. Thanks for the additional help you provided though.

Here's the OTL.Txt that it produced.

OTL logfile created on: 4/29/2010 12:24:39 AM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 298.00 Mb Available Physical Memory | 58.00% Memory free
462.00 Mb Paging File | 341.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 37.03 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.45 Gb Free Space | 92.59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/01/17 10:33:02 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/01/16 23:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/01/16 22:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/01/09 16:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/09 14:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/01/09 11:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/01/08 23:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/10/25 19:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 15:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/16 04:20:24 | 000,341,280 | ---- | M] () [Disabled] -- C:\Program Files\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service)
SRV - [2007/03/10 01:05:20 | 003,068,352 | ---- | M] () [Auto] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/07 18:47:46 | 000,076,848 | ---- | M] () [Disabled] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/03/14 16:05:02 | 000,069,632 | ---- | M] (HP) [Disabled] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/26 19:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 19:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 19:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 22:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2004/08/17 23:00:00 | 000,073,748 | -H-- | M] () [Auto] -- C:\WINDOWS\SYSTEM32\Iasex.dll -- (Ias)
SRV - [2004/08/04 07:00:00 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\SYSTEM32\6to4v32.dll -- (6to4)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | System] -- -- (PRAGMAd.sys)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/04/12 22:45:45 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ohktv.sys -- (ohktv)
DRV - [2010/04/12 22:14:10 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\PRAGMAuidibcrpte\PRAGMAd.sys -- (PRAGMAuidibcrpte)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys -- (Srv)
DRV - [2009/12/04 10:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys -- (HTTP)
DRV - [2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ksecdd.sys -- (KSecDD)
DRV - [2009/01/09 15:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/01/09 15:03:40 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/09 15:03:40 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/01/09 15:03:40 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/01/09 15:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/10/23 16:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys -- (Update)
DRV - [2007/03/07 19:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20)
DRV - [2007/02/25 15:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys -- (Ntfs)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/19 17:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys -- (kmixer)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys -- (Rdbss)
DRV - [2006/03/27 20:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys -- (aec)
DRV - [2005/10/27 20:24:30 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2005/10/27 20:24:29 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/27 20:24:28 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2005/09/20 14:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys -- (RDPWD)
DRV - [2005/04/01 14:43:02 | 000,066,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2004/10/29 16:14:44 | 000,260,096 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys -- (IpNat)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/09/15 14:28:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2004/08/13 06:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 05:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 05:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 05:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 05:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 05:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 05:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 05:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 05:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 05:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 07:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2004/08/04 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\acpi.sys -- (ACPI)
DRV - [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys -- (NDIS)
DRV - [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2004/08/04 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys -- (dmio)
DRV - [2004/08/04 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\mup.sys -- (Mup)
DRV - [2004/08/04 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys -- (Parport)
DRV - [2004/08/04 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2004/08/04 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys -- (PSched)
DRV - [2004/08/04 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfs.sys -- (Udfs)
DRV - [2004/08/04 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys -- (Serial)
DRV - [2004/08/04 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 07:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys -- (Imapi)
DRV - [2004/08/04 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 07:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2004/08/04 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys -- (Gpc)
DRV - [2004/08/04 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\fips.sys -- (Fips)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS -- (IpFilterDriver)
DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS -- (NwlnkFwd)
DRV - [2004/08/04 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\npfs.sys -- (Npfs)
DRV - [2004/08/04 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys -- (Modem)
DRV - [2004/08/04 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys -- (Fdc)
DRV - [2004/08/04 07:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2004/08/04 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\msfs.sys -- (Msfs)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS -- (Cdaudio)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS -- (Raspti)
DRV - [2004/08/04 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys -- (serenum)
DRV - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 07:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS -- (NwlnkFlt)
DRV - [2004/08/04 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS -- (ACPIEC)
DRV - [2004/08/04 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys -- (IRENUM)
DRV - [2004/08/04 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS -- (RasAcd)
DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS -- (Fs_Rec)
DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS -- (ParVdm)
DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS -- (dmload)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS -- (RDPCDD)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS -- (mnmdd)
DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS -- (Beep)
DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS -- (Null)
DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\SYSTEM32\WINSOCK.DLL -- (Winsock)
DRV - [2004/08/04 07:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\diskchk.sys -- (diskchk)
DRV - [2004/08/04 03:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2004/08/04 03:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2004/08/04 02:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys -- (USBSTOR)
DRV - [2004/08/04 02:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2004/08/04 01:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 01:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2004/08/04 01:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 01:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 01:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 01:07:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 01:07:44 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:07:42 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys -- (agp440)
DRV - [2004/08/04 01:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys -- (DMusic)
DRV - [2004/08/04 01:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:00:52 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2004/08/04 01:00:52 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys -- (i2omgmt)
DRV - [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 00:59:44 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2004/08/04 00:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/04 00:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys -- (redbook)
DRV - [2004/08/04 00:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/04 00:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys -- (MSPQM)
DRV - [2004/08/04 00:58:42 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys -- (swenum)
DRV - [2004/08/04 00:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/04 00:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 00:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 15:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 15:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/28 15:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2004/02/13 21:26:36 | 000,690,176 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\EU3USB.sys -- (EU3_USB)
DRV - [2004/02/10 17:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/02/12 17:28:14 | 000,008,576 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wncpkt.sys -- (WNCPKT)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/02 11:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\SjyPkt.sys -- (SjyPkt)
DRV - [2001/08/17 17:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2001/08/17 16:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn)
DRV - [2001/08/17 16:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2001/08/17 16:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 16:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2)
DRV - [2001/08/17 16:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx)
DRV - [2001/08/17 16:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 16:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m)
DRV - [2001/08/17 16:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys -- (swmidi)
DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS -- (audstub)
DRV - [2001/08/17 15:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2001/08/17 15:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS -- (Ftdisk)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 15:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240)
DRV - [2001/08/17 15:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt)
DRV - [2001/08/17 15:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 15:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS -- (cbidf2k)
DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS -- (cbidf)
DRV - [2001/08/17 15:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray)
DRV - [2001/08/17 15:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt)
DRV - [2001/08/17 15:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p)
DRV - [2001/08/17 15:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint)
DRV - [2001/08/17 15:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 15:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 15:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\pciide.sys -- (PCIIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Andy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\Andy_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\Andy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Anney_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\Anney_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Anney_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Anney_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
IE - HKU\Anney_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Anney_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Anney_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\Anney_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ego_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Ego_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Ego_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\Ego_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Ego_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\Ego_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Superego_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\Superego_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Superego_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\Superego_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\Superego_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Superego_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\Superego_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 21:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/07 20:22:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/08 02:57:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 01:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 01:47:10 | 000,000,000 | ---D | M]

[2008/09/08 16:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
[2008/09/08 16:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/12 00:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\axc3di8f.default\extensions
[2009/09/08 18:45:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\axc3di8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/09 04:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\axc3di8f.default\extensions\firefox@tvunetworks.com
[2008/04/16 07:45:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\axc3di8f.default\searchplugins\siteadvisor.xml
[2010/04/12 00:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/03 01:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/16 06:05:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/09/09 09:43:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/07 20:23:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/15 16:22:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/04/03 01:47:02 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/03 01:47:02 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/08/07 17:35:32 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/25 08:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/10/17 14:29:52 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/03 01:47:05 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/11 01:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/08 02:56:59 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2007/10/06 17:40:54 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/03/08 02:57:40 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/03/08 02:56:40 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2010/03/13 04:45:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/13 04:45:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/13 04:45:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/13 04:45:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/13 04:45:19 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/13 04:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/13 04:45:19 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/27 19:21:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\Andy_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Andy_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andy_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKU\Andy_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Andy_ON_C\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\Andy_ON_C\..\Toolbar\WebBrowser: (Microsoft CommBand) - {4D5C8C2A-D075-11D0-B416-00C04FB90376} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\Anney_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\Anney_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKU\Anney_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Anney_ON_C\..\Toolbar\WebBrowser: (Microsoft CommBand) - {4D5C8C2A-D075-11D0-B416-00C04FB90376} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\Ego_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Privat)
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()
O4 - HKLM..\Run: [pdfc] C:\Program Files\Adolix\Adolix PDF Converter\pdfcload.exe (Bastea, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\Andy_ON_C..\Run: [appreg70700.exe] C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0\appreg70700.exe (MS)
O4 - HKU\Andy_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Andy_ON_C..\Run: [davclnt.exe] C:\Documents and Settings\Andy\Local Settings\Temp\davclnt.exe (Microsoft Corporation)
O4 - HKU\Andy_ON_C..\Run: [Digital Protection] C:\Program Files\Digital Protection\digprot.exe ()
O4 - HKU\Andy_ON_C..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Documents and Settings\Andy\Local Settings\Temp\om17g.exe ()
O4 - HKU\Andy_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Andy\Local Settings\Temp\win16.exe ()
O4 - HKU\Andy_ON_C..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll ()
O4 - HKU\Andy_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Anney_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Anney_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Anney_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\Anney_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Ego_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Ego_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Ego_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Superego_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Ego_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0\appreg70700.exe (MS)
O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.dll ()
O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Andy_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Anney_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Anney_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Anney_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\Ego_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Ego_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Superego_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Superego_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (Bodog)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} http://evideo.ufc.com/ufc/cabfiles/UFC_3_6_0_6.cab (UFC Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://bookmaker.secureprivate.com/MidasCa...OCXiovation.cab (Stm Class)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://evideo.ufc.com/ufc/cabfiles/Entriq_...0_15_Silent.cab (MediaControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - C:\Program Files\NetMeeting\rteqepralehd.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 22:40:52 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup-1.45.exe
[2010/04/12 22:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Protection
[2010/04/12 22:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/04/12 22:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/12 22:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/12 22:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 22:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAuidibcrpte
[2010/04/12 22:13:49 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/04/12 22:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0
[2010/04/12 22:12:09 | 000,036,642 | ---- | C] (Privat) -- C:\WINDOWS\System32\net.net
[2008/03/31 03:01:42 | 000,961,204 | ---- | C] (Nathan Moinvaziri ) -- C:\Program Files\extractnow.exe
[2007/12/08 22:20:57 | 003,922,680 | ---- | C] (ffdshow ) -- C:\Program Files\ffdshow_rev1523_20071009_clsid.exe
[2007/12/08 22:15:17 | 008,454,584 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp55.exe
[2007/11/16 06:13:21 | 002,566,736 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe
[2007/11/15 18:36:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe
[2007/10/09 02:47:15 | 002,826,786 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace22.exe
[2007/10/09 02:41:39 | 003,782,705 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace26i.exe
[2007/10/06 17:37:26 | 020,256,064 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2007/08/25 05:14:18 | 003,670,320 | ---- | C] (Bodog Poker ) -- C:\Program Files\BodogPokerClient.exe
[2007/06/25 18:02:29 | 000,210,432 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTMoveIt.exe
[2007/06/23 05:23:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe
[2007/06/23 01:05:58 | 000,488,144 | ---- | C] (Soeperman Enterprises Ltd ) -- C:\Program Files\HJTsetup.exe
[2007/04/19 23:21:38 | 037,860,928 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTime2.exe
[2007/01/07 22:28:22 | 000,190,064 | ---- | C] (StreamCast) -- C:\Program Files\Morpheus.exe
[2006/08/08 22:58:07 | 003,186,040 | ---- | C] (SmartFTP) -- C:\Program Files\SFTPMSI.exe
[2006/08/01 18:03:10 | 003,800,811 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace265i.exe
[2006/07/23 17:12:29 | 006,206,440 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp524_full_emusic-7plus.exe
[2006/07/23 16:56:49 | 001,278,976 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\WinAmp.exe
[2006/04/03 20:32:26 | 005,223,306 | ---- | C] (Network Associates, Inc.) -- C:\Program Files\4732xdat.exe
[2006/02/05 20:36:25 | 001,302,528 | ---- | C] (mIRC Co. Ltd.) -- C:\Program Files\mirc616.exe
[2005/12/24 12:03:43 | 000,304,728 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\netscape setup.exe
[2005/12/17 08:54:51 | 005,225,384 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.5.exe
[7 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[241 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Andy\My Documents\*.tmp files -> C:\Documents and Settings\Andy\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Andy\Desktop\*.tmp files -> C:\Documents and Settings\Andy\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 22:45:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ohktv.sys
[2010/04/12 22:41:01 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andy\Desktop\mbam-setup-1.45.exe
[2010/04/12 22:36:56 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Digital Protection Support.lnk
[2010/04/12 22:36:56 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Digital Protection.lnk
[2010/04/12 22:31:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2560021123-406603779-1302757115-1006.job
[2010/04/12 22:31:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2560021123-406603779-1302757115-1006.job
[2010/04/12 22:30:24 | 000,010,578 | -HS- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\4T227ly4
[2010/04/12 22:26:55 | 000,181,248 | -HS- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\3397709227.dll
[2010/04/12 22:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/12 22:25:42 | 000,005,051 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/12 22:25:34 | 000,000,143 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAtxsrkltepx.dat
[2010/04/12 22:25:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 22:24:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 22:24:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/12 22:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/12 22:24:30 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 22:17:30 | 000,010,582 | -HS- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\1040348557
[2010/04/12 22:16:49 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAjxdrcthemt.dll
[2010/04/12 22:16:47 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAmttpuyatmc.dll
[2010/04/12 22:14:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAcjmovstget.dll
[2010/04/12 22:14:27 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAjmodyiktro.dll
[2010/04/12 22:14:23 | 000,001,174 | ---- | M] () -- C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/12 22:14:22 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Antimalware Doctor.lnk
[2010/04/12 22:14:16 | 000,029,696 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAumupkrdhlx.dll
[2010/04/12 22:12:51 | 000,000,647 | -HS- | M] () -- C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.lnk
[2010/04/12 22:12:34 | 000,181,248 | -HS- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\ave.exe
[2010/04/12 22:12:32 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\lb57r.dll
[2010/04/12 22:12:09 | 000,036,642 | ---- | M] (Privat) -- C:\WINDOWS\System32\net.net
[2010/04/12 14:42:41 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/12 14:42:41 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/12 14:42:17 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Andy\NTUSER.DAT
[2010/04/12 14:42:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Andy\NTUSER.INI
[2010/04/11 22:32:57 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\cellarapril.doc
[2010/04/11 21:51:12 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Andy\My Documents\~$llarapril.doc
[2010/04/08 17:02:01 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\Andy Kwon Resume 4.doc
[2010/04/04 22:38:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/04 21:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Andy.job
[241 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Andy\My Documents\*.tmp files -> C:\Documents and Settings\Andy\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Andy\Desktop\*.tmp files -> C:\Documents and Settings\Andy\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/12 22:36:56 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Digital Protection Support.lnk
[2010/04/12 22:36:56 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Digital Protection.lnk
[2010/04/12 22:26:55 | 000,181,248 | -HS- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\3397709227.dll
[2010/04/12 22:17:30 | 000,010,582 | -HS- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\1040348557
[2010/04/12 22:16:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAjxdrcthemt.dll
[2010/04/12 22:16:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAmttpuyatmc.dll
[2010/04/12 22:14:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAcjmovstget.dll
[2010/04/12 22:14:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAjmodyiktro.dll
[2010/04/12 22:14:22 | 000,001,174 | ---- | C] () -- C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/12 22:14:21 | 000,001,162 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Antimalware Doctor.lnk
[2010/04/12 22:14:16 | 000,000,143 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAtxsrkltepx.dat
[2010/04/12 22:14:15 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAumupkrdhlx.dll
[2010/04/12 22:13:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ohktv.sys
[2010/04/12 22:12:37 | 000,010,578 | -HS- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\4T227ly4
[2010/04/12 22:12:34 | 000,181,248 | -HS- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\ave.exe
[2010/04/12 22:12:32 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\lb57r.dll
[2010/04/11 21:51:12 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Andy\My Documents\~$llarapril.doc
[2010/04/07 19:35:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\cellarapril.doc
[2010/04/06 23:47:03 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\Andy Kwon Resume 4.doc
[2009/08/22 18:55:31 | 000,034,304 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntload.dll
[2009/08/22 18:55:31 | 000,034,304 | -HS- | C] () -- C:\Documents and Settings\Andy\ntload.dll
[2009/08/22 18:55:31 | 000,034,304 | -HS- | C] () -- C:\WINDOWS\System32\notepad.dll
[2008/04/08 20:49:52 | 009,730,075 | ---- | C] () -- C:\Program Files\vlc-0.8.6f-win32.exe
[2008/04/07 15:15:40 | 104,727,303 | ---- | C] () -- C:\Program Files\xor.rar
[2008/04/01 00:58:54 | 205,463,552 | ---- | C] () -- C:\Program Files\xaa.avi
[2007/12/08 22:21:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/08 22:21:40 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/16 06:17:44 | 002,062,665 | ---- | C] () -- C:\Program Files\spywareguardsetup.exe
[2007/11/16 06:16:08 | 000,536,811 | ---- | C] () -- C:\Program Files\ie-spyad.exe
[2007/09/08 05:43:23 | 002,274,815 | ---- | C] () -- C:\Program Files\Setup-SopCast-1.1.2-2007-04-20.exe
[2007/09/08 05:43:23 | 000,000,574 | ---- | C] () -- C:\Program Files\changeLog.txt
[2007/09/08 05:42:34 | 002,248,200 | ---- | C] () -- C:\Program Files\SopCast.zip
[2007/06/23 01:09:45 | 012,413,440 | ---- | C] () -- C:\Program Files\avgas-setup-7.5.1.43.exe
[2007/06/23 01:08:04 | 005,797,152 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2007/06/22 20:25:32 | 003,833,824 | ---- | C] () -- C:\Program Files\Free-SpyHunter-Scanner-Install.exe
[2007/06/22 17:57:08 | 011,470,608 | ---- | C] () -- C:\Program Files\avgas-setup-7.5.0.50.exe
[2007/06/22 05:23:49 | 025,401,136 | ---- | C] () -- C:\Program Files\mvp2007-fi.exe
[2007/04/19 23:29:12 | 002,223,653 | ---- | C] () -- C:\Program Files\Media Player Classic.zip
[2006/12/22 16:02:56 | 000,831,608 | ---- | C] () -- C:\Program Files\mp3tr.zip
[2006/12/18 23:58:30 | 007,319,736 | ---- | C] () -- C:\Program Files\iMeshV7.exe
[2006/11/04 07:48:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/11/04 07:41:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/06 21:15:48 | 002,561,162 | ---- | C] () -- C:\Program Files\vbulletin_3-6-0_VBF66C2998.zip
[2006/08/01 18:00:59 | 030,162,042 | ---- | C] () -- C:\Program Files\Juno.rar
[2006/07/23 17:14:29 | 020,545,536 | ---- | C] () -- C:\Program Files\WFA KotS - Mayhem vs Sincaid.nsv
[2006/07/23 17:00:26 | 008,282,187 | ---- | C] () -- C:\Program Files\vlc-0.8.5-win32.exe
[2006/05/05 22:05:27 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/24 06:28:55 | 000,015,468 | ---- | C] () -- C:\Program Files\snode.reg
[2006/04/03 22:18:58 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/04/03 21:34:21 | 000,197,342 | ---- | C] () -- C:\Program Files\roguescanfix.exe
[2006/04/03 20:54:18 | 007,437,420 | ---- | C] () -- C:\Program Files\dat-4732.zip
[2006/04/03 20:32:40 | 000,000,893 | ---- | C] () -- C:\Program Files\SuperDAT.log
[2006/03/09 23:10:39 | 007,273,258 | ---- | C] () -- C:\Program Files\guyfact_guyfact[1].sql.gz
[2006/03/08 22:19:12 | 000,012,753 | ---- | C] () -- C:\Program Files\vb3_readme.html
[2006/03/08 22:19:12 | 000,009,797 | ---- | C] () -- C:\Program Files\vb3_readme.txt
[2006/03/08 22:19:12 | 000,008,019 | ---- | C] () -- C:\Program Files\license_agreement.html
[2006/03/08 20:44:45 | 000,006,009 | ---- | C] () -- C:\Program Files\bigdump.zip
[2006/02/04 06:37:19 | 169,330,409 | ---- | C] () -- C:\Program Files\Photoshop7.zip
[2006/02/04 05:41:25 | 000,003,376 | ---- | C] () -- C:\Program Files\aprelium.htm
[2005/12/22 10:12:31 | 003,581,919 | ---- | C] () -- C:\Program Files\avant.exe
[2005/12/22 10:07:25 | 003,843,584 | ---- | C] () -- C:\Program Files\Opera851.exe
[2005/12/20 20:11:49 | 003,589,338 | ---- | C] () -- C:\Program Files\phpMyAdmin-2.7.0-pl1.zip
[2005/12/13 00:13:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/23 18:35:02 | 000,000,730 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/10/02 00:34:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Gnucleus.INI
[2005/09/03 02:45:29 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Superego\NTUSER.DAT
[2005/09/03 02:45:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Superego\ntuser.dat.LOG
[2005/09/03 02:45:29 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Superego\NTUSER.INI
[2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/11 15:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/06/09 21:39:41 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Ego\NTUSER.DAT
[2005/06/09 21:39:41 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Ego\ntuser.dat.LOG
[2005/06/09 21:39:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Ego\NTUSER.INI
[2005/06/01 22:02:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/19 04:19:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/05/12 06:05:21 | 000,000,168 | ---- | C] () -- C:\WINDOWS\Clipbook.INI
[2005/04/30 15:33:50 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\PFP120JPR.{PB
[2005/04/30 15:33:50 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\PFP120JCM.{PB
[2005/04/27 02:57:41 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Anney\Application Data\PFP120JPR.{PB
[2005/04/27 02:57:41 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Anney\Application Data\PFP120JCM.{PB
[2005/04/27 02:36:41 | 003,932,160 | -H-- | C] () -- C:\Documents and Settings\Anney\NTUSER.DAT
[2005/04/27 02:36:41 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Anney\ntuser.dat.LOG
[2005/04/27 02:36:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Anney\NTUSER.INI
[2005/04/26 15:32:55 | 008,126,464 | -H-- | C] () -- C:\Documents and Settings\Andy\NTUSER.DAT
[2005/04/26 15:32:55 | 000,102,400 | -H-- | C] () -- C:\Documents and Settings\Andy\ntuser.dat.LOG
[2005/04/26 15:32:55 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Andy\NTUSER.INI
[2005/02/18 04:43:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 04:36:38 | 000,000,321 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 04:25:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2005/02/18 04:25:42 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2005/02/18 04:08:04 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/22 14:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 23:00:00 | 000,073,748 | -H-- | C] () -- C:\WINDOWS\System32\Iasex.dll
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\NTUSER.INI
[2004/08/10 15:08:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.INI
[2004/08/04 07:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/08/04 07:00:00 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\diskchk.sys
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2001/10/24 20:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2001/08/17 15:52:22 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\ULTRA.SYS
[2001/07/06 20:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1980/01/01 08:00:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[1980/01/01 08:00:00 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/04/12 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0
[2008/01/05 06:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\acccore
[2005/04/27 22:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Aim
[2005/12/02 19:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Alien Skin
[2009/02/12 08:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Avant Browser
[2009/11/27 01:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\BitTorrent
[2009/02/19 00:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\DNA
[2006/12/19 00:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\iMesh
[2005/08/11 21:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Leadertech
[2008/09/05 23:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\LimeWire
[2005/12/24 12:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Netscape
[2005/12/22 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Opera
[2007/01/27 19:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Viewpoint
[2005/05/22 03:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anney\Application Data\Aim
[2005/07/08 03:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anney\Application Data\Leadertech
[2005/11/23 18:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anney\Application Data\Musicmatch
[2010/01/15 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/01 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/08/22 18:54:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/08/22 18:54:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:ntoskrnl.exe
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:ntoskrnl.exe
[2009/08/22 18:54:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:ntoskrnl.exe
[2009/12/09 03:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[2009/12/08 14:14:02 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=128D88B3176E70B2E3088ECEB842B673 -- C:\WINDOWS\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe
[2008/08/14 06:00:45 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=21C91DA9CB53AA8A37041BA9684A8458 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 19:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2005/03/01 20:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\I386\ntoskrnl.exe
[2005/03/01 20:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
[2009/12/08 14:55:25 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=5648297DBF1C631164F779863DF9D5BF -- C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
[2009/12/08 14:55:25 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=5648297DBF1C631164F779863DF9D5BF -- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
[2009/12/08 14:55:25 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=5648297DBF1C631164F779863DF9D5BF -- C:\WINDOWS\SYSTEM32\ntoskrnl.exe
[2007/02/28 05:10:57 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=582A8DBAA58C3B1F176EB2817DAEE77C -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2007/02/28 05:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2009/02/06 06:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/08/04 23:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[2009/08/04 08:51:17 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[2006/12/19 10:17:19 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=8F0DEAB1F81FB83F9C5995853CE48B9F -- C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
[2004/08/04 07:00:00 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2008/08/14 05:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2006/12/19 12:51:12 | 002,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[2009/08/04 10:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2009/02/07 22:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/02/06 13:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2009/02/06 13:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\scecli.dll
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\I386\USERINIT.EXE
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SYSTEM32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/09 23:53:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/21 19:47:55 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/04 02:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/27 19:31:59 | 000,036,494 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/18 04:11:58 | 000,004,305 | RH-- | M] () -- C:\DELL.SDR
[2005/12/02 19:38:05 | 000,021,680 | ---- | M] () -- C:\EyeCandyLog.txt
[2005/12/05 03:57:03 | 000,087,552 | ---- | M] () -- C:\frenchrevcartoondoc.doc
[2005/12/05 04:13:00 | 000,131,584 | ---- | M] () -- C:\frenchrevfillinblank.doc
[2010/04/12 22:24:30 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/02/18 03:45:27 | 000,003,392 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2002/01/05 07:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2005/04/26 22:21:47 | 000,000,941 | ---- | M] () -- C:\net_save.dna
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/22 19:39:24 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2009/08/22 20:03:23 | 000,002,082 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-03-23).txt
[2009/08/22 20:05:52 | 000,002,082 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-05-52).txt
[2009/08/22 20:06:45 | 000,002,096 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-06-45).txt
[2009/08/22 20:07:57 | 000,002,082 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-07-57).txt
[2009/08/22 20:08:36 | 000,002,082 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-08-36).txt
[2009/08/22 20:17:35 | 000,002,694 | ---- | M] () -- C:\RootRepeal report 08-22-09 (17-17-35).txt
[2009/08/27 21:35:39 | 000,003,084 | ---- | M] () -- C:\RootRepeal report 08-27-09 (18-35-39).txt
[2010/04/12 22:25:33 | 000,001,527 | ---- | M] () -- C:\SMax.log
[2005/02/18 04:27:14 | 000,001,529 | ---- | M] () -- C:\SMax.log.bak
[2006/04/03 22:03:53 | 000,003,341 | ---- | M] () -- C:\smitfiles.txt
[2008/08/12 05:21:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/12 08:48:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/04 17:18:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/05 03:43:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/06 00:17:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/06 07:42:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/06 18:51:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/20 16:35:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/21 07:04:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/21 19:48:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/07/29 18:46:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/07/30 16:19:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/07/31 21:06:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/08/01 12:38:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/08/02 02:50:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/08/04 06:47:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/08/05 05:17:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/08/06 05:56:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/08/06 08:07:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/08/07 18:08:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/08/12 05:21:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/08/12 08:48:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/04 17:18:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/05 03:43:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/06 00:17:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/06 07:42:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/06 18:51:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/20 16:35:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/21 07:04:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/21 19:48:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/07/29 18:46:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/07/30 16:19:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/07/31 21:06:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/08/01 12:38:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/08/02 02:50:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/08/04 06:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/08/05 05:17:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/08/06 05:56:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/08/06 08:07:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/08/07 18:08:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2005/02/18 04:41:32 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

========== Files - Unicode (All) ==========
[2005/07/09 07:36:13 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Anney\My Documents\???.doc) -- C:\Documents and Settings\Anney\My Documents\딸기볼.doc
[2005/07/09 07:36:12 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Anney\My Documents\???.doc) -- C:\Documents and Settings\Anney\My Documents\딸기볼.doc
< End of report >


#15 JSntgRvr

Posted 29 April 2010 - 11:57 AM

Save these in the flash drive.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :OTL
    SRV - [2004/08/17 23:00:00 | 000,073,748 | -H-- | M] () [Auto] -- C:\WINDOWS\SYSTEM32\Iasex.dll -- (Ias)
    SRV - [2004/08/04 07:00:00 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\SYSTEM32\6to4v32.dll -- (6to4)
    DRV - [2010/04/12 22:45:45 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ohktv.sys -- (ohktv)
    DRV - [2010/04/12 22:14:10 | 000,044,544 | ---- | M] () [Kernel | System] -- C:\WINDOWS\PRAGMAuidibcrpte\PRAGMAd.sys -- (PRAGMAuidibcrpte)
    DRV - [2004/08/04 07:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\diskchk.sys -- (diskchk)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()
    O4 - HKU\Andy_ON_C..\Run: [appreg70700.exe] C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0\appreg70700.exe (MS)
    O4 - HKU\Andy_ON_C..\Run: [davclnt.exe] C:\Documents and Settings\Andy\Local Settings\Temp\davclnt.exe (Microsoft Corporation)
    O4 - HKU\Andy_ON_C..\Run: [Digital Protection] C:\Program Files\Digital Protection\digprot.exe ()
    O4 - HKU\Andy_ON_C..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Documents and Settings\Andy\Local Settings\Temp\om17g.exe ()
    O4 - HKU\Andy_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\Andy\Local Settings\Temp\win16.exe ()
    O4 - HKU\Andy_ON_C..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll ()
    O4 - HKU\Anney_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
    O4 - HKU\Ego_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
    O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Andy\Application Data\7F09BA5B11656A7EB8B918C068FE19F0\appreg70700.exe (MS)
    O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.dll ()
    O4 - Startup: C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Andy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2005/07/09 07:36:13 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Anney\My Documents\???.doc) -- C:\Documents and Settings\Anney\My Documents\딸기볼.doc
    [2005/07/09 07:36:12 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Anney\My Documents\???.doc) -- C:\Documents and Settings\Anney\My Documents\딸기볼.doc

    :files
    C:\Program Files\Digital Protection
    C:\WINDOWS\PRAGMAuidibcrpte
    C:\Documents and Settings\Andy\Desktop\Digital Protection Support.lnk
    C:\Documents and Settings\Andy\Desktop\Digital Protection.lnk
    C:\Documents and Settings\Andy\Local Settings\Application Data\4T227ly4
    C:\Documents and Settings\Andy\Local Settings\Application Data\3397709227.dll
    C:\WINDOWS\System32\PRAGMAtxsrkltepx.dat
    C:\WINDOWS\System32\PRAGMAjxdrcthemt.dll
    C:\WINDOWS\System32\PRAGMAmttpuyatmc.dll
    C:\WINDOWS\System32\PRAGMAcjmovstget.dll
    C:\WINDOWS\System32\PRAGMAjmodyiktro.dll
    C:\WINDOWS\System32\PRAGMAumupkrdhlx.dll
    C:\Documents and Settings\Andy\Start Menu\Programs\Startup\scandisk.lnk
    C:\Documents and Settings\Andy\Local Settings\Application Data\ave.exe
    C:\WINDOWS\System32\lb57r.dll
    C:\Documents and Settings\Andy\Local Settings\Application Data\1040348557
    C:\ComboFix.txt
    C:\WINDOWS\System32\drivers\ohktv.sys
    C:\Documents and Settings\Andy\Local Settings\Application Data\ave.exe
    C:\WINDOWS\System32\lb57r.dll
    C:\Documents and Settings\Andy\My Documents\~$llarapril.doc
    C:\Documents and Settings\LocalService\ntload.dll
    C:\Documents and Settings\Andy\ntload.dll
    C:\WINDOWS\System32\notepad.dll
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmdata02.sqm
    C:\sqmdata03.sqm
    C:\sqmdata04.sqm
    C:\sqmdata05.sqm
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmdata16.sqm
    C:\sqmdata17.sqm
    C:\sqmdata18.sqm
    C:\sqmdata19.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\sqmnoopt16.sqm
    C:\sqmnoopt17.sqm
    C:\sqmnoopt18.sqm
    C:\sqmnoopt19.sqm
    C:\StubInstaller.exe
    C:\RootRepeal report 08-22-09 (17-03-23).txt
    C:\RootRepeal report 08-22-09 (17-05-52).txt
    C:\RootRepeal report 08-22-09 (17-06-45).txt
    C:\RootRepeal report 08-22-09 (17-07-57).txt
    C:\RootRepeal report 08-22-09 (17-08-36).txt
    C:\RootRepeal report 08-22-09 (17-17-35).txt
    C:\RootRepeal report 08-27-09 (18-35-39).txt
    C:\SMax.log
    C:\SMax.log.bak
    C:\smitfiles.txt

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!
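An added example, not part of the original post and not OTL's own logic: a small Python triage pass over a few of the `DRV` and `O4` lines from the fix script above, listing the traits that make such entries worth a closer look. The trait names and the heuristics behind them (zero-byte file, blank vendor field, user-writable path, missing target) are assumptions made for illustration, not the helper's stated criteria.

```python
import re

# Sample lines copied from the fix script in the post above.
SAMPLE = r"""
DRV - [2010/04/12 22:45:45 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\SYSTEM32\DRIVERS\ohktv.sys -- (ohktv)
DRV - [2004/08/04 07:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\diskchk.sys -- (diskchk)
O4 - HKU\Andy_ON_C..\Run: [davclnt.exe] C:\Documents and Settings\Andy\Local Settings\Temp\davclnt.exe (Microsoft Corporation)
O4 - HKU\Andy_ON_C..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Documents and Settings\Andy\Local Settings\Temp\om17g.exe ()
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()
O4 - HKU\Anney_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
"""

# Service/driver line: [date | size | attrs | M] (vendor) [type | start] -- path -- (name)
SVC = re.compile(r"^(?:SRV|DRV) - \[[^|]+\| (?P<size>[\d,]+) \| \S+ \| M\] "
                 r"\((?P<vendor>[^)]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \([^)]*\)$")
# Run/RunOnce line: hive\Run: [value name] path (vendor) | "File not found"
RUN = re.compile(r"^O4 - \S+\\Run\w*: \[[^\]]*\] (?P<path>.+?) "
                 r"(?:\((?P<vendor>[^)]*)\)|(?P<missing>File not found))$")
# Assumed heuristic: per-user locations that need no admin rights to write to.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")

def parse(line):
    """Return (path, sorted traits) for one SRV/DRV/O4-Run line, else None."""
    m = SVC.match(line.strip()) or RUN.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    found = set()
    if g.get("size") is not None and int(g["size"].replace(",", "")) == 0:
        found.add("zero-byte")        # file on disk is empty
    if g.get("missing"):
        found.add("orphaned")         # autorun entry points at a missing file
    elif not g["vendor"]:
        found.add("no-vendor")        # vendor field in the log is blank
    if any(p in g["path"].lower() for p in USER_WRITABLE):
        found.add("user-writable")    # autostart from Temp / Application Data
    return g["path"], sorted(found)

def triage(text):
    """Map path -> traits for every parsed line that shows at least one trait."""
    return dict(r for r in map(parse, text.splitlines()) if r and r[1])

if __name__ == "__main__":
    for path, found in triage(SAMPLE).items():
        print(f"{', '.join(found):28} {path}")
```

A trait is a reason to inspect an entry, not a verdict on it: `davclnt.exe` shows a vendor name yet starts from a Temp folder, and many harmless files carry a blank vendor field.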