MBR virus removed now get BSOD 0x0000007F error


  • This topic is locked
26 replies to this topic

#1 btanoue

Posted 24 July 2010 - 09:25 PM

Hello,

It's been a long, long day....

Here is what I did.

Found spyware/malware on winxp.
Located it on MBR
Ran remover.exe to clean the mbr of the virus.

After reboot keep getting a reboot loop with the 0x0000007F error.
Got into recovery console.
Ran fixmbr and fixboot.

Still getting error
Ran UBCD4Win to go back to an earlier registry (just in case)

Still getting reboot loop.

Any help would be awesome, as my brain is Jello.

Thank Ya All.
btanoue



#2 btanoue


Posted 24 July 2010 - 10:39 PM

Forgot to mention that I did run chkdsk from recovery console.
I also booted with ubuntu and did a memtest.
Memory was OK.

Sorry about the double post.

btanoue

#3 JSntgRvr


Posted 24 July 2010 - 10:40 PM

Hi, btanoue

Download OTLPE from any of the following links:

http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Extract its contents to a flash drive, then insert the flash drive into the sick computer.
  • Boot with the Ultimate Boot CD For Windows (UBCD4WIN), and follow these steps.
    • Once in the UBCD4WIN desktop, click on My Computer and navigate to the flash drive.
    • Open the OTLPE folder.
  • Double-click on the Start.CMD file.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked, expand the hard drive letter (usually C:), browse to the Windows directory, select it and click OK.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.




No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
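
As an added illustration that is not part of the original post or of OTLPE: a Python version of what the `/md5start` … `/md5stop` block in the Custom Scan box asks for, on the assumption that it means "find every file with one of these names and report the MD5 of each copy". The function names and the sample directory tree are constructed for this example, and the file list is shortened to three of the names from the post.

```python
import hashlib
import os
import tempfile

# Custom Scan text in the format pasted in the post (file list shortened).
CUSTOM_SCAN = r"""
/md5start
atapi.sys
iaStor.sys
userinit.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\System32\config\*.sav
"""


def parse_custom_scan(text):
    """Return (file names inside /md5start../md5stop, all other directives)."""
    names, others, in_md5 = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low == "/md5start":
            in_md5 = True
        elif low == "/md5stop":
            in_md5 = False
        elif in_md5:
            names.append(line)
        else:
            others.append(line)
    if in_md5:
        raise ValueError("/md5start without a closing /md5stop")
    return names, others


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks (MD5 only because the log format uses it)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def md5_scan(root, names):
    """Walk root and hash every copy of each wanted name (case-insensitive)."""
    found = {n.lower(): [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key in found:
                full = os.path.join(dirpath, fname)
                found[key].append((os.path.relpath(full, root), md5_of(full)))
    for copies in found.values():
        copies.sort()
    return found


def review(found):
    """Names with no copy on disk, and names whose copies hash differently.

    A mismatch is not proof of tampering (service packs ship different
    builds); it only tells the helper which file to compare against a
    known-good hash.
    """
    missing = sorted(n for n, c in found.items() if not c)
    mismatch = sorted(n for n, c in found.items()
                      if len({md5 for _path, md5 in c}) > 1)
    return {"missing": missing, "mismatch": mismatch}


def demo():
    """Run the scan over a constructed stand-in for an offline C:\\ volume."""
    sample = {  # constructed contents, not real driver binaries
        ("WINDOWS", "system32", "drivers", "atapi.sys"): b"copy A",
        ("WINDOWS", "system32", "dllcache", "ATAPI.SYS"): b"copy B",
        ("WINDOWS", "system32", "userinit.exe"): b"userinit",
    }
    with tempfile.TemporaryDirectory() as root:
        for parts, data in sample.items():
            path = os.path.join(root, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        names, others = parse_custom_scan(CUSTOM_SCAN)
        found = md5_scan(root, names)
        return names, others, found, review(found)


if __name__ == "__main__":
    names, others, found, report = demo()
    for name, copies in found.items():
        for rel, md5 in copies:
            print(f"{md5}  {rel}")
    print(report)
```

Pointed at the mounted Windows volume from a boot CD, `md5_scan` gives the same kind of per-copy hash list the helper asks for in the log.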


#4 boopme


Posted 24 July 2010 - 10:49 PM

Moved to Virus, Trojan, Spyware, and Malware Removal Logs forum.

#5 btanoue


Posted 25 July 2010 - 10:55 AM

JSntgRvr,

First I would like to say Thank You for taking the time to read my post.
I have done what you instructed, but I did not get any prompt to ask about the windows directory.
Hope that is OK. The log file seems like it did find everything though.

Here is a paste of the OTL.txt file

OTL logfile created on: 7/25/2010 3:40:39 PM - Run

OTLPE by OldTimer - Version 3.1.40.0 Folder = C:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 222.79 Gb Total Space | 199.42 Gb Free Space | 89.51% Space Free | Partition Type: NTFS

Drive D: | 10.09 Gb Total Space | 0.60 Gb Free Space | 5.90% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 662.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: BARTPE-26164

Current User Name: SYSTEM

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001



========== Win32 Services (SafeList) ==========



SRV - [2010/04/08 18:44:54 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/04/08 18:09:42 | 001,024,368 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2010/04/08 18:09:40 | 000,988,456 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2008/02/28 05:12:22 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)

SRV - [2007/12/12 19:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)

SRV - [2007/05/08 16:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2007/04/30 16:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007/04/27 18:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV - [2007/02/07 01:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/12/04 20:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)

SRV - [2006/06/22 05:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)





========== Driver Services (All) ==========



DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | Disabled] -- -- (ultra)

DRV - File not found [Kernel | Disabled] -- -- (TosIde)

DRV - File not found [Kernel | Disabled] -- -- (symc8xx)

DRV - File not found [Kernel | Disabled] -- -- (symc810)

DRV - File not found [Kernel | Disabled] -- -- (sym_u3)

DRV - File not found [Kernel | Disabled] -- -- (sym_hi)

DRV - File not found [Kernel | Disabled] -- -- (Sparrow)

DRV - File not found [Kernel | Disabled] -- -- (Simbad)

DRV - File not found [Kernel | Disabled] -- -- (ql1280)

DRV - File not found [Kernel | Disabled] -- -- (ql1240)

DRV - File not found [Kernel | Disabled] -- -- (ql12160)

DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)

DRV - File not found [Kernel | Disabled] -- -- (ql1080)

DRV - File not found [Kernel | Disabled] -- -- (perc2hib)

DRV - File not found [Kernel | Disabled] -- -- (perc2)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | Disabled] -- -- (mraid35x)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | Disabled] -- -- (ini910u)

DRV - File not found [Kernel | Disabled] -- -- (i2omp)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | Disabled] -- -- (hpn)

DRV - File not found [Kernel | Disabled] -- -- (dpti2o)

DRV - File not found [Kernel | Disabled] -- -- (dac960nt)

DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)

DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)

DRV - File not found [Kernel | Disabled] -- -- (CmdIde)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)

DRV - File not found [Kernel | Disabled] -- -- (Atdisk)

DRV - File not found [Kernel | Disabled] -- -- (asc3550)

DRV - File not found [Kernel | Disabled] -- -- (asc3350p)

DRV - File not found [Kernel | Disabled] -- -- (asc)

DRV - File not found [Kernel | Disabled] -- -- (amsint)

DRV - File not found [Kernel | Disabled] -- -- (aic78xx)

DRV - File not found [Kernel | Disabled] -- -- (aic78u2)

DRV - File not found [Kernel | Disabled] -- -- (Aha154x)

DRV - File not found [Kernel | Disabled] -- -- (adpu160m)

DRV - File not found [Kernel | Disabled] -- -- (abp480n5)

DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)

DRV - [2010/04/08 18:44:56 | 000,090,000 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/04/08 18:09:42 | 000,162,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)

DRV - [2009/12/04 20:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2009/12/04 20:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2009/12/04 20:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)

DRV - [2009/12/02 16:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/12/02 16:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2009/12/02 16:12:40 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)

DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)

DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)

DRV - [2009/01/09 21:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)

DRV - [2009/01/09 21:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort)

DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)

DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)

DRV - [2008/05/21 00:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)

DRV - [2008/05/08 14:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)

DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)

DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)

DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)

DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)

DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)

DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)

DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)

DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)

DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)

DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)

DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)

DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)

DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)

DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)

DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)

DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)

DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)

DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)

DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)

DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)

DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)

DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)

DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)

DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)

DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)

DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)

DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)

DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)

DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)

DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)

DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)

DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)

DRV - [2008/04/13 18:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)

DRV - [2008/04/13 18:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)

DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)

DRV - [2008/04/13 18:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)

DRV - [2008/04/13 18:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)

DRV - [2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)

DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)

DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)

DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)

DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)

DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)

DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)

DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)

DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)

DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)

DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)

DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)

DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)

DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)

DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)

DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)

DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)

DRV - [2008/04/13 18:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)

DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)

DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)

DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)

DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)

DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)

DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)

DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)

DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)

DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)

DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)

DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)

DRV - [2008/04/13 18:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)

DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)

DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)

DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)

DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)

DRV - [2008/04/13 18:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)

DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)

DRV - [2008/04/13 18:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)

DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)

DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)

DRV - [2008/04/13 18:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)

DRV - [2008/04/13 18:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)

DRV - [2008/04/13 18:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)

DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)

DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)

DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)

DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)

DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)

DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)

DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)

DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)

DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)

DRV - [2008/04/13 16:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/07/13 04:52:20 | 002,156,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/05/07 01:00:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/05/07 01:00:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/05/07 01:00:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/05/07 01:00:06 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2007/04/27 03:23:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)

DRV - [2007/04/27 03:23:06 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2007/04/23 21:13:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007/04/19 14:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2007/04/12 14:26:08 | 000,250,776 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/04/04 19:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2007/04/03 09:44:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/03/30 00:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2007/03/01 11:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007/01/12 13:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/12/28 12:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)

DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)

DRV - [2006/11/02 15:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)

DRV - [2006/10/09 21:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)

DRV - [2006/09/29 03:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)

DRV - [2006/09/29 02:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)

DRV - [2006/08/07 06:57:30 | 000,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)

DRV - [2006/07/24 11:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)

DRV - [2006/07/24 04:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2006/07/24 04:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2006/06/28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005/09/06 16:39:30 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)

DRV - [2005/09/06 16:39:14 | 000,155,184 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)

DRV - [2005/09/06 16:39:14 | 000,155,184 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)

DRV - [2005/03/14 19:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2004/08/04 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)

DRV - [2004/08/04 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)

DRV - [2004/08/04 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)

DRV - [2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)

DRV - [2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/04 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)

DRV - [2004/08/04 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)

DRV - [2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)

DRV - [2004/08/04 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2004/08/04 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)

DRV - [2004/08/04 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2004/08/04 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)

DRV - [2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)

DRV - [2004/08/04 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)

DRV - [2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)

DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 17:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)

DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)

DRV - [2001/08/17 08:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)





========== Standard Registry (All) ==========





========== Internet Explorer ==========



IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\user_1_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643





IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\user_2_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\user_2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/09 16:16:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 01:30:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 01:30:30 | 000,000,000 | ---D | M]



[2010/07/22 01:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/22 01:30:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/09 16:16:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/02/10 00:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/07/22 01:30:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/07/22 01:30:24 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/03/11 04:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll

[2010/03/11 04:40:14 | 000,013,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll

[2010/03/11 04:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2010/03/11 04:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2010/03/11 04:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2010/03/11 04:00:04 | 000,255,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll

[2010/03/11 04:01:40 | 000,031,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icafile.dll

[2010/03/11 04:01:12 | 000,040,304 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icalogon.dll

[2009/12/17 22:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/03/11 04:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2010/07/22 01:30:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2003/07/15 02:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/08/16 01:49:42 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/08/16 01:49:42 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/10/05 17:49:28 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll

[2010/03/11 04:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/04/01 15:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/04/01 15:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/04/01 15:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/04/01 15:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/04/01 15:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/04/01 15:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/04/01 15:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\user_1_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\user_2_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()

O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\user_1_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\user_1_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKU\user_1_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\user_1_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\user_2_ON_C..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKU\user_2_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\user_2_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

O4 - Startup: C:\Documents and Settings\user_1\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\user_2\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Access\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\user_2\Start Menu\Programs\Startup\Office Startup.lnk = C:\Access\Office\OSA.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-US\local\search.html ()

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220373064281 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.webex.com/client/T23L/support/ieatgpc.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Instrument.deg

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Wide.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Wide.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2010/07/25 15:35:15 | 000,000,000 | ---D | C] -- C:\OTLPE

[2010/07/23 23:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Application Data\Avira

[2010/07/23 22:34:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/07/23 22:34:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/07/23 22:34:51 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/07/23 22:34:51 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/07/23 22:34:51 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/07/23 22:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/07/23 22:32:49 | 000,000,000 | ---D | C] -- C:\bootkit_remover

[2010/07/23 14:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/07/23 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/07/23 13:02:59 | 000,085,504 | ---- | C] (Dell Inc.) -- C:\Documents and Settings\user_1\Local Settings\Application Data\watchdog.exe

[2010/07/23 00:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Desktop

[2010/07/23 00:35:53 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/07/23 00:35:49 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/07/23 00:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Local Settings\Application Data\Sunbelt Software

[2010/07/23 00:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/07/23 00:21:15 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\user_1\Desktop\Ad-AwareInstall.exe

[2010/07/21 14:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Application Data\Malwarebytes

[2010/07/21 14:42:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/07/21 14:42:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/07/21 14:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/21 14:42:21 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user_1\Desktop\mbam-setup.exe

[2010/07/21 14:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/07/21 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/07/21 13:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Local Settings\Application Data\eciskredd

[2009/10/19 18:19:19 | 000,585,728 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\user_1\HPAsset.exe

[2009/10/19 18:19:19 | 000,040,960 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\user_1\hpmonZ.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2010/07/25 15:38:44 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/07/24 17:35:23 | 000,000,269 | RHS- | M] () -- C:\boot.ini

[2010/07/24 00:03:12 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\user_1\NTUSER.DAT

[2010/07/24 00:03:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/07/24 00:03:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/07/24 00:03:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/23 23:02:30 | 000,489,220 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/07/23 23:02:30 | 000,414,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/07/23 23:02:30 | 000,066,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/07/23 22:58:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/07/23 22:58:12 | 000,000,020 | ---- | M] () -- C:\KBSERVICE.BOOTUP.RUNNING

[2010/07/23 22:57:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/23 22:56:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user_1\ntuser.ini

[2010/07/23 22:54:22 | 000,085,504 | ---- | M] (Dell Inc.) -- C:\Documents and Settings\user_1\Local Settings\Application Data\watchdog.exe

[2010/07/23 22:30:26 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\avira_antivir_personal_en.exe

[2010/07/23 19:41:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

[2010/07/23 19:17:01 | 000,016,078 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2010/07/23 17:25:28 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\user_1\.recently-used.xbel

[2010/07/23 12:26:58 | 000,111,672 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/07/23 00:35:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/07/23 00:25:52 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\user_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/23 00:23:04 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\user_1\Desktop\Ad-AwareInstall.exe

[2010/07/23 00:17:08 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\ProcessExplorer.zip

[2010/07/22 20:53:10 | 004,316,720 | -H-- | M] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\IconCache.db

[2010/07/21 16:19:13 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\stace

[2010/07/21 13:58:52 | 000,002,804 | ---- | M] () -- C:\WINDOWS\oqatapimo.dll

[2010/07/21 13:47:12 | 000,002,804 | ---- | M] () -- C:\WINDOWS\inayimax.dll

[2010/07/19 13:38:33 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\China Production Timeline 1.ppt

[2010/07/19 12:25:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/07/17 04:20:22 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\Nagano_Directors 072310.xls

[2010/07/16 21:07:50 | 007,514,624 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\Nagano Directors Meeting 072310.doc

[2010/07/16 15:49:01 | 007,372,800 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\AshChina4photos.doc

[2010/07/12 08:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/07/12 08:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/07/09 12:29:05 | 000,001,754 | RHS- | M] () -- C:\Documents and Settings\user_1\ntuser.pol

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files Created - No Company Name ==========



[2010/07/23 22:58:12 | 000,000,020 | ---- | C] () -- C:\KBSERVICE.BOOTUP.RUNNING

[2010/07/23 22:29:57 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\avira_antivir_personal_en.exe

[2010/07/23 17:25:28 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\user_1\.recently-used.xbel

[2010/07/23 13:03:05 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\KBOXUserExtension.log

[2010/07/23 02:24:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/07/23 00:39:02 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/07/23 00:25:52 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\user_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/23 00:17:10 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\ProcessExplorer.zip

[2010/07/21 16:19:13 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\stace

[2010/07/21 13:58:52 | 000,002,804 | ---- | C] () -- C:\WINDOWS\oqatapimo.dll

[2010/07/21 13:47:12 | 000,002,804 | ---- | C] () -- C:\WINDOWS\inayimax.dll

[2010/07/19 12:38:24 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\China Production Timeline 1.ppt

[2010/07/17 04:18:11 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\Nagano_Directors 072310.xls

[2010/07/16 20:19:09 | 007,514,624 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\Nagano Directors Meeting 072310.doc

[2010/07/16 15:48:51 | 007,372,800 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\AshChina4photos.doc

[2010/05/06 19:32:07 | 000,007,987 | ---- | C] () -- C:\Documents and Settings\user_1\RedNotebook-Backup_2010-05-06.zip

[2010/04/11 17:21:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys

[2009/10/21 18:30:09 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2009/10/19 18:19:50 | 000,242,867 | ---- | C] () -- C:\Documents and Settings\user_1\hpasset.xml

[2009/10/19 18:19:28 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\user_1\SMSTUB16.DMP

[2009/10/19 18:19:19 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\user_1\zlib.dll

[2009/10/19 18:19:19 | 000,036,208 | ---- | C] () -- C:\Documents and Settings\user_1\Dscan16.dll

[2009/10/19 18:19:19 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\user_1\shortcut.exe

[2009/10/19 18:19:19 | 000,017,477 | ---- | C] () -- C:\Documents and Settings\user_1\Smstub16.exe

[2009/10/19 18:19:19 | 000,005,694 | ---- | C] () -- C:\Documents and Settings\user_1\ispro.ico

[2009/10/19 18:19:19 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\user_1\Smstub16.pif

[2009/09/16 18:04:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/02 15:16:16 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_1\xw45cpdy.dyc

[2008/11/18 18:56:59 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\user_1\XrxWm.ini

[2008/11/18 18:56:59 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_1\xwl50pdy.dyc

[2008/11/04 15:27:44 | 000,001,754 | RHS- | C] () -- C:\Documents and Settings\user_1\ntuser.pol

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\QSwitch.txt

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\DSwitch.txt

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\AtStart.txt

[2008/11/04 15:27:40 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\user_1\NTUSER.DAT

[2008/11/04 15:27:40 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\user_1\ntuser.dat.LOG

[2008/11/04 15:27:40 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user_1\ntuser.ini

[2008/09/03 19:51:54 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\user_2\XrxWm.ini

[2008/09/03 19:51:54 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_2\xw45cpdy.dyc

[2008/09/03 16:42:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\WDTCPCON.INI

[2008/09/03 01:12:11 | 000,000,871 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/03 01:05:50 | 000,016,078 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2008/09/03 00:55:43 | 000,001,754 | RHS- | C] () -- C:\Documents and Settings\user_2\ntuser.pol

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\QSwitch.txt

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\DSwitch.txt

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\AtStart.txt

[2008/09/03 00:55:39 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\user_2\NTUSER.DAT

[2008/09/03 00:55:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\user_2\ntuser.dat.LOG

[2008/09/03 00:55:39 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user_2\ntuser.ini

[2008/09/02 18:32:20 | 000,000,894 | ---- | C] () -- C:\WINDOWS\winzip.ini

[2008/08/30 03:46:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/08/30 03:46:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/08/30 03:46:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/08/30 03:46:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/08/30 03:46:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/08/30 03:46:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt

[2008/02/28 04:50:57 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/02/28 04:50:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2008/02/28 04:26:30 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2008/02/28 04:26:30 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2008/02/28 04:26:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2008/02/28 04:26:29 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2008/02/28 04:26:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2008/02/28 04:26:29 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2008/02/28 04:24:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT

[2008/02/28 04:24:33 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

[2008/01/14 21:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2007/04/30 16:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll

[2007/02/06 19:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/02/06 18:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2007/01/19 14:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/19 07:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/19 07:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2004/08/07 13:19:22 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2004/08/07 13:19:22 | 000,110,592 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG

[2004/08/07 13:19:22 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2004/08/07 13:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/07 13:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/08/17 15:51:52 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciide.sys

[1998/05/07 02:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

[1996/11/17 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 04:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL



========== LOP Check ==========



[2010/04/12 14:44:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bytemobile

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2010/04/11 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Bytemobile

[2010/05/06 19:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\gtk-2.0

[2010/06/16 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\ICAClient

[2009/03/04 14:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\InterVideo

[2010/02/09 21:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\OmegaT

[2010/02/09 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\OpenOffice.org

[2008/12/20 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Opera

[2009/10/21 12:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Research In Motion

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\SampleView

[2010/04/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Sierra Wireless

[2009/03/24 12:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Xerox

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_2\Application Data\SampleView

[2010/07/23 22:58:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job



========== Purity Check ==========







========== Custom Scans ==========







< MD5 for: AGP440.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys



< MD5 for: ATAPI.SYS >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys



< MD5 for: EVENTLOG.DLL >

[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll



< MD5 for: EXPLORER.EXE >

[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe



< MD5 for: IASTOR.SYS >

[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\HDD\iastor.sys

[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys



< MD5 for: NETLOGON.DLL >

[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll



< MD5 for: NTOSKRNL.EXE >

[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:ntoskrnl.exe

[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe

[2008/09/02 17:14:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe

[2009/12/09 04:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[2008/04/13 19:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe

[2009/02/06 11:06:41 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=0CBA44D0938D57F334C0862424148B70 -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe

[2008/08/14 21:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[2008/04/13 19:24:37 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=40F8880122A030A7E9E1FEDEA833B33D -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe

[2006/12/19 16:49:02 | 002,137,600 | ---- | M] (Microsoft Corporation) MD5=57B9D140E1EB8B0EA06DF927B63B0EEE -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe

[2004/08/04 07:18:32 | 002,148,352 | ---- | M] (Microsoft Corporation) MD5=626309040459C3915997EF98EC1C8D40 -- C:\WINDOWS\$NtUninstallKB929338_0$\ntoskrnl.exe

[2009/12/08 19:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

[2009/12/08 19:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

[2009/08/04 15:13:08 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=78FCC97CD878D4CF5B5D2158A5A7CF92 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe

[2006/12/19 14:15:09 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=8318ED54797F3E513FD5817A1D4BBD18 -- C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe

[2009/12/08 19:26:15 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=9696C553F994340CD6AA5C5A724C3A19 -- C:\WINDOWS\system32\ntoskrnl.exe

[2006/12/19 16:51:12 | 002,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

[2009/02/07 23:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[2008/08/14 10:09:26 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=F6F8245B3A2E9CA834DD318E7AE0C6D0 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe

[2009/08/04 13:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe



< MD5 for: SCECLI.DLL >

[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll



< MD5 for: USERINIT.EXE >

[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe



< MD5 for: UXTHEME.DLL >

[2004/08/04 08:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll

[2008/04/14 00:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll

[2008/04/14 00:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll



< %SYSTEMDRIVE%\*.* >

[2010/07/23 22:57:59 | 000,001,962 | ---- | M] () -- C:\aaw7boot.log

[2010/04/07 21:37:58 | 001,686,260 | ---- | M] () -- C:\bar.emf

[2010/07/24 17:35:23 | 000,000,269 | RHS- | M] () -- C:\boot.ini

[2010/07/24 19:46:12 | 000,003,160 | ---- | M] () -- C:\bootex.log

[2010/04/11 17:20:07 | 000,259,781 | ---- | M] () -- C:\drivers.log

[2008/09/02 17:08:49 | 000,004,109 | -H-- | M] () -- C:\ffastun.ffa

[2008/09/02 17:08:49 | 000,008,192 | -H-- | M] () -- C:\ffastun.ffl

[2008/09/02 17:08:49 | 000,004,096 | -H-- | M] () -- C:\ffastun.ffo

[2008/09/02 17:08:49 | 000,004,096 | -H-- | M] () -- C:\ffastun0.ffx

[2008/09/03 01:07:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/07/23 22:58:12 | 000,000,020 | ---- | M] () -- C:\KBSERVICE.BOOTUP.RUNNING

[2008/09/03 01:07:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com

[2008/09/02 17:15:31 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2009/04/27 20:46:22 | 000,000,000 | ---- | M] () -- C:\s26k.2k

[2010/04/06 20:07:34 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini

[2010/07/24 03:05:15 | 000,027,081 | ---- | M] () -- C:\Win-Files.txt



< %systemroot%\*. /mp /s >



< %systemroot%\System32\config\*.sav >

[2004/08/07 05:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/08/07 05:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/08/07 05:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav



========== Files - Unicode (All) ==========


< End of report >

#6 JSntgRvr


Posted 25 July 2010 - 12:34 PM

There are a couple of suspicious drivers. Let's run OTLPE as follows:
  • Boot with the Ultimate Boot CD For Windows (UBCD4WIN), and follow these steps.
    • Once in the UBCD4WIN desktop, click on My Computer and navigate to the flash drive.
    • Open the OTLPE folder.
  • Double-click on the Start.CMD file.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked, expand the hard drive letter (usually C:), browse to the Windows directory, select it and click OK.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      pciide.sys
      swmsflt.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

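An added example, not part of any post in this thread and not OTL's own code: it parses the two line shapes seen in the posted OTL logs, flags driver entries whose company field is blank or whose registered path is missing on disk, and checks whether the live `system32` copy of a hashed file matches any other copy listed in the log. The two flagging rules and all function names are assumptions chosen for illustration, not the helper's stated criteria; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Lines copied verbatim from the two OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2009/12/08 19:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2008/04/13 19:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2009/12/08 19:26:15 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=9696C553F994340CD6AA5C5A724C3A19 -- C:\WINDOWS\system32\ntoskrnl.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - [2010/04/08 18:09:42 | 000,162,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/02 16:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
"""

# Hashed-file line: [date | size | attrs | M] (Company) MD5=<32 hex> -- <path>
MD5_RE = re.compile(
    r"^\[[^\]]*\] \((?P<company>.*?)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)

# Driver line: either "File not found" or a file record with a company field,
# then [type | start], an optional image path, and the service name.
DRV_RE = re.compile(
    r"^DRV - (?:File not found|\[[^\]]*\] \((?P<company>.*)\))"
    r" \[(?P<type>\w+) \| (?P<start>\w+)\] -- (?P<path>.*?) ?-- \((?P<service>[^)]+)\)"
)


def parse_hashes(log):
    """Yield (file name, directory, md5) for each hashed-file line, lower-cased paths."""
    for line in log.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            path = m.group("path").strip().lower()
            yield ntpath.basename(path), ntpath.dirname(path), m.group("md5")


def compare_live_copies(log, live_dir=r"c:\windows\system32"):
    """Map each file found in live_dir to True if its MD5 equals any other listed copy.

    The other copies (dllcache, ServicePackFiles, uninstall folders) act as a
    local reference set; they are not an authoritative known-good list.
    """
    live, others = {}, {}
    for name, directory, md5 in parse_hashes(log):
        if directory == live_dir:
            live[name] = md5
        else:
            others.setdefault(name, set()).add(md5)
    return {name: md5 in others.get(name, set()) for name, md5 in live.items()}


def triage_drivers(log):
    """Return (service, reason) pairs for driver entries worth a second look.

    Assumed rules (illustrative only):
      * the service names an image path but OTL reports the file missing;
      * the file exists but carries no company name in its version info.
    "File not found" entries with no path at all are skipped.
    """
    findings = []
    for line in log.splitlines():
        m = DRV_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        path = m.group("path").strip()
        service = m.group("service")
        if company is None:
            if path:
                findings.append((service, "registered image path is missing on disk"))
        elif not company.strip():
            findings.append((service, "file has no company name"))
    return findings


if __name__ == "__main__":
    for name, matched in compare_live_copies(SAMPLE_LOG).items():
        status = "matches another listed copy" if matched else "matches no other listed copy"
        print(f"{name}: live copy {status}")
    for service, reason in triage_drivers(SAMPLE_LOG):
        print(f"{service}: {reason}")
```

A flagged driver or an unmatched hash is a reason to inspect that file more closely, not a verdict on it; the comparison only uses copies that the same log lists.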


#7 btanoue


Posted 25 July 2010 - 02:22 PM

JSntgRvr,

OK here is the second scan that you requested.

OTL logfile created on: 7/25/2010 7:17:55 PM - Run

OTLPE by OldTimer - Version 3.1.40.0 Folder = C:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 222.79 Gb Total Space | 199.42 Gb Free Space | 89.51% Space Free | Partition Type: NTFS

Drive D: | 10.09 Gb Total Space | 0.60 Gb Free Space | 5.90% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 662.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS



Computer Name: BARTPE-26164

Current User Name: SYSTEM

Logged in as Administrator.



Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001



========== Win32 Services (SafeList) ==========



SRV - [2010/04/08 18:44:54 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/04/08 18:09:42 | 001,024,368 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2010/04/08 18:09:40 | 000,988,456 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2008/02/28 05:12:22 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)

SRV - [2007/12/12 19:08:46 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)

SRV - [2007/05/08 16:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2007/04/30 16:28:34 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007/04/27 18:58:58 | 000,221,184 | ---- | M] (SafeBoot International) [Auto] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV - [2007/02/07 01:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

SRV - [2006/12/04 20:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)

SRV - [2006/06/22 05:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)





========== Driver Services (All) ==========



DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | Disabled] -- -- (ultra)

DRV - File not found [Kernel | Disabled] -- -- (TosIde)

DRV - File not found [Kernel | Disabled] -- -- (symc8xx)

DRV - File not found [Kernel | Disabled] -- -- (symc810)

DRV - File not found [Kernel | Disabled] -- -- (sym_u3)

DRV - File not found [Kernel | Disabled] -- -- (sym_hi)

DRV - File not found [Kernel | Disabled] -- -- (Sparrow)

DRV - File not found [Kernel | Disabled] -- -- (Simbad)

DRV - File not found [Kernel | Disabled] -- -- (ql1280)

DRV - File not found [Kernel | Disabled] -- -- (ql1240)

DRV - File not found [Kernel | Disabled] -- -- (ql12160)

DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)

DRV - File not found [Kernel | Disabled] -- -- (ql1080)

DRV - File not found [Kernel | Disabled] -- -- (perc2hib)

DRV - File not found [Kernel | Disabled] -- -- (perc2)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | Disabled] -- -- (mraid35x)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | Disabled] -- -- (ini910u)

DRV - File not found [Kernel | Disabled] -- -- (i2omp)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | Disabled] -- -- (hpn)

DRV - File not found [Kernel | Disabled] -- -- (dpti2o)

DRV - File not found [Kernel | Disabled] -- -- (dac960nt)

DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)

DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)

DRV - File not found [Kernel | Disabled] -- -- (CmdIde)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)

DRV - File not found [Kernel | Disabled] -- -- (Atdisk)

DRV - File not found [Kernel | Disabled] -- -- (asc3550)

DRV - File not found [Kernel | Disabled] -- -- (asc3350p)

DRV - File not found [Kernel | Disabled] -- -- (asc)

DRV - File not found [Kernel | Disabled] -- -- (amsint)

DRV - File not found [Kernel | Disabled] -- -- (aic78xx)

DRV - File not found [Kernel | Disabled] -- -- (aic78u2)

DRV - File not found [Kernel | Disabled] -- -- (Aha154x)

DRV - File not found [Kernel | Disabled] -- -- (adpu160m)

DRV - File not found [Kernel | Disabled] -- -- (abp480n5)

DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)

DRV - [2010/04/08 18:44:56 | 000,090,000 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/04/08 18:09:42 | 000,162,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)

DRV - [2009/12/04 20:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2009/12/04 20:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2009/12/04 20:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)

DRV - [2009/12/02 16:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/12/02 16:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2009/12/02 16:12:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)

DRV - [2009/12/02 16:12:40 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)

DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)

DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)

DRV - [2009/01/09 21:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)

DRV - [2009/01/09 21:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort)

DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)

DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)

DRV - [2008/05/21 00:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)

DRV - [2008/05/08 14:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)

DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)

DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)

DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)

DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)

DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)

DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)

DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)

DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)

DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)

DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)

DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)

DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)

DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)

DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)

DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)

DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)

DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)

DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)

DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)

DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)

DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)

DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)

DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)

DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)

DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)

DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)

DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)

DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)

DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)

DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)

DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)

DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)

DRV - [2008/04/13 18:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)

DRV - [2008/04/13 18:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)

DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)

DRV - [2008/04/13 18:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)

DRV - [2008/04/13 18:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)

DRV - [2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)

DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)

DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)

DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)

DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)

DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)

DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)

DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)

DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)

DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)

DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)

DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)

DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)

DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)

DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)

DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)

DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)

DRV - [2008/04/13 18:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)

DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)

DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)

DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)

DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)

DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)

DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)

DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)

DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)

DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)

DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)

DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)

DRV - [2008/04/13 18:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)

DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)

DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)

DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)

DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)

DRV - [2008/04/13 18:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)

DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)

DRV - [2008/04/13 18:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)

DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)

DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008/04/13 18:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)

DRV - [2008/04/13 18:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)

DRV - [2008/04/13 18:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)

DRV - [2008/04/13 18:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)

DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)

DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)

DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)

DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)

DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)

DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)

DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)

DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)

DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)

DRV - [2008/04/13 16:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/07/13 04:52:20 | 002,156,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/05/07 01:00:06 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/05/07 01:00:06 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/05/07 01:00:06 | 000,210,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/05/07 01:00:06 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2007/04/27 03:23:36 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)

DRV - [2007/04/27 03:23:06 | 000,100,095 | ---- | M] (SafeBoot International) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2007/04/23 21:13:44 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007/04/19 14:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2007/04/12 14:26:08 | 000,250,776 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®

DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/04/04 19:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2007/04/03 09:44:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/03/30 00:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2007/03/01 11:45:58 | 000,289,792 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007/02/14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007/02/14 14:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007/02/14 14:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007/02/14 14:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007/01/12 13:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/12/28 12:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)

DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)

DRV - [2006/11/02 15:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)

DRV - [2006/10/09 21:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)

DRV - [2006/09/29 03:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)

DRV - [2006/09/29 02:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)

DRV - [2006/08/07 06:57:30 | 000,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)

DRV - [2006/07/24 11:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)

DRV - [2006/07/24 04:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2006/07/24 04:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2006/06/28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005/09/06 16:39:30 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)

DRV - [2005/09/06 16:39:14 | 000,155,184 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)

DRV - [2005/09/06 16:39:14 | 000,155,184 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)

DRV - [2005/03/14 19:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2004/08/04 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)

DRV - [2004/08/04 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)

DRV - [2004/08/04 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)

DRV - [2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)

DRV - [2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/04 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)

DRV - [2004/08/04 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)

DRV - [2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)

DRV - [2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)

DRV - [2004/08/04 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2004/08/04 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)

DRV - [2004/08/04 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)

DRV - [2004/08/04 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)

DRV - [2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV - [2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)

DRV - [2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)

DRV - [2004/08/04 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)

DRV - [2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)

DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 17:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)

DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)

DRV - [2001/08/17 08:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)





========== Standard Registry (All) ==========





========== Internet Explorer ==========



IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm





IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\user_1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\user_1_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\user_1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643





IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\user_2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\user_2_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKU\user_2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0







FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/09 16:16:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 01:30:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 01:30:30 | 000,000,000 | ---D | M]



[2010/07/22 01:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/22 01:30:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/09 16:16:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2010/02/10 00:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/07/22 01:30:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/07/22 01:30:24 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/03/11 04:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll

[2010/03/11 04:40:14 | 000,013,168 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll

[2010/03/11 04:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2010/03/11 04:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2010/03/11 04:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2010/03/11 04:00:04 | 000,255,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll

[2010/03/11 04:01:40 | 000,031,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icafile.dll

[2010/03/11 04:01:12 | 000,040,304 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icalogon.dll

[2009/12/17 22:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/03/11 04:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2010/07/22 01:30:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2003/07/15 02:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/08/16 01:49:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/08/16 01:49:42 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/08/16 01:49:42 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/10/05 17:49:28 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll

[2010/03/11 04:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/04/01 15:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/04/01 15:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/04/01 15:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/04/01 15:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/04/01 15:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/04/01 15:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/04/01 15:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\user_1_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\user_1_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\user_2_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\user_2_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()

O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\Administrator_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\user_1_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\user_1_ON_C..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKU\user_1_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKU\user_1_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\user_2_ON_C..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKU\user_2_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\user_2_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

O4 - Startup: C:\Documents and Settings\user_1\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\user_2\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Access\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\user_2\Start Menu\Programs\Startup\Office Startup.lnk = C:\Access\Office\OSA.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\user_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-US\local\search.html ()

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1220373064281 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.webex.com/client/T23L/support/ieatgpc.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Instrument.deg

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Wide.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Wide.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2010/07/25 15:35:15 | 000,000,000 | ---D | C] -- C:\OTLPE

[2010/07/23 23:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Application Data\Avira

[2010/07/23 22:34:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/07/23 22:34:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/07/23 22:34:51 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/07/23 22:34:51 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/07/23 22:34:51 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/07/23 22:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/07/23 22:32:49 | 000,000,000 | ---D | C] -- C:\bootkit_remover

[2010/07/23 14:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/07/23 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/07/23 13:02:59 | 000,085,504 | ---- | C] (Dell Inc.) -- C:\Documents and Settings\user_1\Local Settings\Application Data\watchdog.exe

[2010/07/23 00:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Desktop

[2010/07/23 00:35:53 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/07/23 00:35:49 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/07/23 00:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Local Settings\Application Data\Sunbelt Software

[2010/07/23 00:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/07/23 00:21:15 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\user_1\Desktop\Ad-AwareInstall.exe

[2010/07/21 14:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Application Data\Malwarebytes

[2010/07/21 14:42:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/07/21 14:42:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/07/21 14:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/21 14:42:21 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user_1\Desktop\mbam-setup.exe

[2010/07/21 14:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/07/21 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/07/21 13:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user_1\Local Settings\Application Data\eciskredd

[2009/10/19 18:19:19 | 000,585,728 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\user_1\HPAsset.exe

[2009/10/19 18:19:19 | 000,040,960 | ---- | C] (Hewlett-Packard Company) -- C:\Documents and Settings\user_1\hpmonZ.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2010/07/25 19:16:34 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/07/24 17:35:23 | 000,000,269 | RHS- | M] () -- C:\boot.ini

[2010/07/24 00:03:12 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\user_1\NTUSER.DAT

[2010/07/24 00:03:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/07/24 00:03:12 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/07/24 00:03:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/23 23:02:30 | 000,489,220 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/07/23 23:02:30 | 000,414,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/07/23 23:02:30 | 000,066,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/07/23 22:58:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/07/23 22:58:12 | 000,000,020 | ---- | M] () -- C:\KBSERVICE.BOOTUP.RUNNING

[2010/07/23 22:57:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/23 22:56:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user_1\ntuser.ini

[2010/07/23 22:54:22 | 000,085,504 | ---- | M] (Dell Inc.) -- C:\Documents and Settings\user_1\Local Settings\Application Data\watchdog.exe

[2010/07/23 22:30:26 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\avira_antivir_personal_en.exe

[2010/07/23 19:41:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin

[2010/07/23 19:17:01 | 000,016,078 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2010/07/23 17:25:28 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\user_1\.recently-used.xbel

[2010/07/23 12:26:58 | 000,111,672 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/07/23 00:35:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/07/23 00:25:52 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\user_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/23 00:23:04 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\user_1\Desktop\Ad-AwareInstall.exe

[2010/07/23 00:17:08 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\ProcessExplorer.zip

[2010/07/22 20:53:10 | 004,316,720 | -H-- | M] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\IconCache.db

[2010/07/21 16:19:13 | 000,002,179 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\stace

[2010/07/21 13:58:52 | 000,002,804 | ---- | M] () -- C:\WINDOWS\oqatapimo.dll

[2010/07/21 13:47:12 | 000,002,804 | ---- | M] () -- C:\WINDOWS\inayimax.dll

[2010/07/19 13:38:33 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\China Production Timeline 1.ppt

[2010/07/19 12:25:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/07/17 04:20:22 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\Nagano_Directors 072310.xls

[2010/07/16 21:07:50 | 007,514,624 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\Nagano Directors Meeting 072310.doc

[2010/07/16 15:49:01 | 007,372,800 | ---- | M] () -- C:\Documents and Settings\user_1\Desktop\AshChina4photos.doc

[2010/07/12 08:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2010/07/12 08:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/07/09 12:29:05 | 000,001,754 | RHS- | M] () -- C:\Documents and Settings\user_1\ntuser.pol

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files Created - No Company Name ==========



[2010/07/23 22:58:12 | 000,000,020 | ---- | C] () -- C:\KBSERVICE.BOOTUP.RUNNING

[2010/07/23 22:29:57 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\avira_antivir_personal_en.exe

[2010/07/23 17:25:28 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\user_1\.recently-used.xbel

[2010/07/23 13:03:05 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\KBOXUserExtension.log

[2010/07/23 02:24:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2010/07/23 00:39:02 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/07/23 00:25:52 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\user_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2010/07/23 00:17:10 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\ProcessExplorer.zip

[2010/07/21 16:19:13 | 000,002,179 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\stace

[2010/07/21 13:58:52 | 000,002,804 | ---- | C] () -- C:\WINDOWS\oqatapimo.dll

[2010/07/21 13:47:12 | 000,002,804 | ---- | C] () -- C:\WINDOWS\inayimax.dll

[2010/07/19 12:38:24 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\China Production Timeline 1.ppt

[2010/07/17 04:18:11 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\Nagano_Directors 072310.xls

[2010/07/16 20:19:09 | 007,514,624 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\Nagano Directors Meeting 072310.doc

[2010/07/16 15:48:51 | 007,372,800 | ---- | C] () -- C:\Documents and Settings\user_1\Desktop\AshChina4photos.doc

[2010/05/06 19:32:07 | 000,007,987 | ---- | C] () -- C:\Documents and Settings\user_1\RedNotebook-Backup_2010-05-06.zip

[2010/04/11 17:21:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys

[2009/10/21 18:30:09 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys

[2009/10/19 18:19:50 | 000,242,867 | ---- | C] () -- C:\Documents and Settings\user_1\hpasset.xml

[2009/10/19 18:19:28 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\user_1\SMSTUB16.DMP

[2009/10/19 18:19:19 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\user_1\zlib.dll

[2009/10/19 18:19:19 | 000,036,208 | ---- | C] () -- C:\Documents and Settings\user_1\Dscan16.dll

[2009/10/19 18:19:19 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\user_1\shortcut.exe

[2009/10/19 18:19:19 | 000,017,477 | ---- | C] () -- C:\Documents and Settings\user_1\Smstub16.exe

[2009/10/19 18:19:19 | 000,005,694 | ---- | C] () -- C:\Documents and Settings\user_1\ispro.ico

[2009/10/19 18:19:19 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\user_1\Smstub16.pif

[2009/09/16 18:04:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/02 15:16:16 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_1\xw45cpdy.dyc

[2008/11/18 18:56:59 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\user_1\XrxWm.ini

[2008/11/18 18:56:59 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_1\xwl50pdy.dyc

[2008/11/04 15:27:44 | 000,001,754 | RHS- | C] () -- C:\Documents and Settings\user_1\ntuser.pol

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\QSwitch.txt

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\DSwitch.txt

[2008/11/04 15:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_1\Local Settings\Application Data\AtStart.txt

[2008/11/04 15:27:40 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\user_1\NTUSER.DAT

[2008/11/04 15:27:40 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\user_1\ntuser.dat.LOG

[2008/11/04 15:27:40 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user_1\ntuser.ini

[2008/09/03 19:51:54 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\user_2\XrxWm.ini

[2008/09/03 19:51:54 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\user_2\xw45cpdy.dyc

[2008/09/03 16:42:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\WDTCPCON.INI

[2008/09/03 01:12:11 | 000,000,871 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/03 01:05:50 | 000,016,078 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2008/09/03 00:55:43 | 000,001,754 | RHS- | C] () -- C:\Documents and Settings\user_2\ntuser.pol

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\QSwitch.txt

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\DSwitch.txt

[2008/09/03 00:55:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user_2\Local Settings\Application Data\AtStart.txt

[2008/09/03 00:55:39 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\user_2\NTUSER.DAT

[2008/09/03 00:55:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\user_2\ntuser.dat.LOG

[2008/09/03 00:55:39 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\user_2\ntuser.ini

[2008/09/02 18:32:20 | 000,000,894 | ---- | C] () -- C:\WINDOWS\winzip.ini

[2008/08/30 03:46:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/08/30 03:46:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/08/30 03:46:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/08/30 03:46:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/08/30 03:46:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/08/30 03:46:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt

[2008/02/28 05:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt

[2008/02/28 04:50:57 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008/02/28 04:50:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI

[2008/02/28 04:26:30 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2008/02/28 04:26:30 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2008/02/28 04:26:30 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2008/02/28 04:26:29 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2008/02/28 04:26:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2008/02/28 04:26:29 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2008/02/28 04:24:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT

[2008/02/28 04:24:33 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

[2008/01/14 21:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2007/04/30 16:31:14 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll

[2007/02/06 19:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/02/06 18:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2007/01/19 14:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/19 07:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/19 07:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2005/02/17 15:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 15:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2004/08/07 13:19:22 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2004/08/07 13:19:22 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG

[2004/08/07 13:19:22 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2004/08/07 13:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/08/07 13:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/08/17 15:51:52 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciide.sys

[1998/05/07 02:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

[1996/11/17 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 04:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL



========== LOP Check ==========



[2010/04/12 14:44:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bytemobile

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2010/04/11 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Bytemobile

[2010/05/06 19:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\gtk-2.0

[2010/06/16 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\ICAClient

[2009/03/04 14:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\InterVideo

[2010/02/09 21:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\OmegaT

[2010/02/09 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\OpenOffice.org

[2008/12/20 00:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Opera

[2009/10/21 12:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Research In Motion

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\SampleView

[2010/04/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Sierra Wireless

[2009/03/24 12:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_1\Application Data\Xerox

[2008/02/28 04:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user_2\Application Data\SampleView

[2010/07/23 22:58:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job



========== Purity Check ==========







========== Custom Scans ==========







< MD5 for: PCIIDE.SYS >

[2001/08/17 15:51:52 | 000,003,328 | ---- | M] () MD5=5F1E209D6D31C8B555D8793CF2BCDEF0 -- C:\WINDOWS\system32\drivers\pciide.sys



< MD5 for: SWMSFLT.SYS >

[2009/12/02 16:12:46 | 000,028,288 | ---- | M] () MD5=150AB4FA272130EC55B2A4FAEBDF47F9 -- C:\WINDOWS\system32\drivers\swmsflt.sys



========== Files - Unicode (All) ==========



#8 JSntgRvr

Posted 25 July 2010 - 06:45 PM

There seem to be no backup copies. Download the enclosed folder. [attachment=67181:pciide.zip] Save it on the desktop and extract the contained file to the flash drive. Through UBCD4WIN, copy this file to C:\Windows\System32\Drivers, overwriting the present copy.

Once done, restart in Normal Mode. If successful, get an internet connection and follow these steps:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 btanoue

Posted 25 July 2010 - 06:50 PM

JSntgRvr,

I will do that now. Standby.

btanoue

#10 JSntgRvr

Posted 25 July 2010 - 06:54 PM

thumbup2.gif



#11 btanoue

Posted 25 July 2010 - 07:00 PM

JSntgRvr,

Good news! I can get back into windows now.
I will run the Combofix.exe and follow up.

Now for the knowledge transfer,
How did you know that the Pciide.sys driver was corrupted?
I'd like to know so I can help others when they have these types of problems.

btanoue

#12 JSntgRvr

Posted 25 July 2010 - 07:12 PM

QUOTE(btanoue @ Jul 25 2010, 08:00 PM)
JSntgRvr,

Good news! I can get back into windows now.
I will run the Combofix.exe and follow up.

Now for the knowledge transfer,
How did you know that the Pciide.sys driver was corrupted?
I'd like to know so I can help others when they have these types of problems.

btanoue

Failed its digital signature.

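A triage sketch for the question asked in post #11, added here; it is not the helper's own method and not part of OTL. It parses the file-listing lines of the OTLPE log posted earlier in this thread and lists drivers under System32\drivers whose company field is empty, with any MD5 the log's custom scan recorded, so each can be compared against a known-good copy. The function names are hypothetical, the sample lines are copied from that log, and an empty company field is only a reason to look closer, not proof of tampering.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the OTLPE log posted in this thread (not constructed).
SAMPLE_LOG = r"""
[2010/07/25 15:35:15 | 000,000,000 | ---D | C] -- C:\OTLPE
[2010/07/23 22:34:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/21 13:58:52 | 000,002,804 | ---- | C] () -- C:\WINDOWS\oqatapimo.dll
[2010/04/11 17:21:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/10/21 18:30:09 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2001/08/17 15:51:52 | 000,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciide.sys
[2001/08/17 15:51:52 | 000,003,328 | ---- | M] () MD5=5F1E209D6D31C8B555D8793CF2BCDEF0 -- C:\WINDOWS\system32\drivers\pciide.sys
[2009/12/02 16:12:46 | 000,028,288 | ---- | M] () MD5=150AB4FA272130EC55B2A4FAEBDF47F9 -- C:\WINDOWS\system32\drivers\swmsflt.sys
"""

# [timestamp | size | attributes | C or M] (company) MD5=... -- path
# Directory lines carry no "(company)" field; the MD5 field only appears
# in the log's "Custom Scans" section.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    stamp: str
    size: int
    attrs: str
    kind: str                 # "C" = created time, "M" = modified time
    company: Optional[str]    # None for directories, "" when the field is empty
    md5: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for anything else in the log."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m["company"]
    md5 = m["md5"]
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=company.strip() if company is not None else None,
        md5=md5.upper() if md5 else None,
        path=m["path"],
    )


def is_driver(path: str) -> bool:
    """True for .sys files directly under a System32\\drivers directory."""
    p = path.lower()
    return "\\system32\\drivers\\" in p and p.endswith(".sys")


def unattributed_drivers(log_text: str):
    """Return (path, size, md5-or-None) for each driver with an empty company field."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # Join the listing sections with the custom MD5 scan by case-insensitive path.
    md5_by_path = {e.path.lower(): e.md5 for e in entries if e.md5}
    seen, findings = set(), []
    for e in entries:
        key = e.path.lower()
        if e.company == "" and is_driver(e.path) and key not in seen:
            seen.add(key)
            findings.append((e.path, e.size, md5_by_path.get(key)))
    return findings


if __name__ == "__main__":
    for path, size, md5 in unattributed_drivers(SAMPLE_LOG):
        print(f"{path}  size={size}  md5={md5 or 'not in log'}")
```

Run against the full log, the output is a short list of driver files to verify by signature check or by hash against a trusted copy of the same Windows build.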


#13 btanoue

Posted 25 July 2010 - 07:19 PM

JSntgRvr,

Is there a site that has all the MD5 Sums for windows xp?

Thanks in Advance,
btanoue

#14 btanoue

Posted 25 July 2010 - 07:32 PM

JSntgRvr,

Check your email :-),

I'll post the combofix output when it's done running.

btanoue

#15 JSntgRvr

Posted 25 July 2010 - 07:47 PM

Thank you!
