borojamie Posted February 22, 2010 Posted February 22, 2010 Hi Guys, Sorry to be a pain again however yet another virus has penetrated mcafee :-( please could i have some help. I think i have isolated the website justin.tv (streaming sports) altho i am not sure why it is happening as my flash player is adobe and has been downloaded from adobe website (not a link etc). Initially mcafee blocked several attempts however then blocked all files and folders, it disabled my firewall and virus checker and offered to 'replace them' with XP Guardian 2010 which i ignored. After a little bit of research i found out how to remove the virus by manually amending my registry however a virus has blocked amendments ("administrator only" - which i am). I tried to reboot in safe and ms dos but would not be allowed. All restore points are also deleted. After a couple of days I(another short notice mil detachment) rebooted my laptop to try and use mbam and the programme had been partially deleted I was also unable to use exe files. By now i could get on-line and tried to download mbam again however I am unable to open as it offers me no option to open exe files. I have ran a pandaactivescan 2.0 and post the following results below. I have also posted a hijackthis report too Any help you can give would be gratefully recieved thanks for you help Jamie Quote
borojamie Posted February 22, 2010 Author Posted February 22, 2010 pandascan ;*********************************************************************************************************************************************************************************** ANALYSIS: 2010-02-22 18:09:27 PROTECTIONS: 1 MALWARE: 9 SUSPECTS: 1 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== McAfee VirusScan Yes Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\cookies\jamie_panico@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\cookies\jamie_panico@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\helpassistant\cookies\jamie_panico@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\cookies\jamie_panico@atdmt[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\cookies\jamie_panico@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\cookies\jamie_panico@apmebf[2].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\jamie panico\cookies\jamie_panico@adultfriendfinder[1].txt 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\sudimiyi.dll 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\bahezefi.dll 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\system32\zenemala.dll 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\ygkafmgx.exe 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\vwwixjz.exe 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\msinits.exe 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\c4531278.tmp 03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\e.exe 04779562 trj/sinowal.wos Virus/Trojan No 1 Yes No c:\windows\system32\lowsec 05991271 Generic Worm Virus/Worm No 0 Yes No c:\windows\system32\penarutu.dll.tmp 05991271 Generic Worm Virus/Worm No 0 Yes No c:\windows\system32\bevimahu.dll.tmp 05991271 Generic Worm Virus/Worm No 0 Yes No c:\windows\system32\perohapi.dll.tmp 06000944 Generic Malware Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\mdm.exe 06000944 Generic Malware Virus/Trojan No 0 Yes No c:\documents and settings\jamie panico\local settings\temp\notepad.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location ;=================================================================================================================================================================================== No c:\windows\system32\wipotazi.dll ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ;=================================================================================================================================================================================== 203505 HIGH MS08-071 ;=================================================================================================================================================================================== Quote
borojamie Posted February 22, 2010 Author Posted February 22, 2010 I have just tried to re-post hijack this report and am unable to use the programme due to exes being blocked sorry! thanks again Quote
Jelly Bean Posted February 22, 2010 Posted February 22, 2010 Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. It is in your best interest to note the following: Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process. Perform all the steps in the order listed to avoid any conflicts. If unsure, please stop and voice your doubts. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference. If you stick to the above guidelines, all should go smoothly. ================================================ STEP 1 Download ATF-Cleaner by Atribune. Save the file to your Desktop. Double-click on the file to run the program. On the Main tab, check the Select All button. Next, click on the Firefox tab (if applicable) and check the Select All button. Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt. Now, click on the Opera tab (if applicable) and check the Select All button. Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt. Press the Empty Selected button and click OK to acknowledge the corresponding prompt. Click on the Exit button to quit the program. ================================================ STEP 2 Please click here to download Malwarebytes' Anti-Malware. Save the file to your Desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, make sure a check mark is placed next to: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Click Finish. [*]The program will download and update itself if it finds the necessity to do so. Please allow this. [*]Once the program has loaded, select Perform full scan, then click Scan. Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process. [*]When the scan is complete, click OK, and then Show Results to view the results. [*]Make sure that every entry is selected, and click Remove Selected. [*]Restart your computer. ================================================ STEP 3 Please click here to download SUPERAntiSpyware (Free Version). Save the file to your Desktop. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program. Open SUPERAntiSpyware. Under Configuration and Preferences, click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following fields checked: [*]Click the Close button to leave the control center screen. [*]On the main screen, under Scan for Harmful Software click Scan your computer. [*]On the left, make sure you check mark All the Fixed Drives. [*]On the right, under Complete Scan, choose Perform Complete Scan. [*]Click Next to start the scan. Please be patient while it scans your computer. [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK. [*]Make sure every entry has a check mark next to it and click Next. [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu. [*]Restart your computer. ================================================ STEP 4 Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan. Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu. Check mark the YES, I accept the Terms of Use box. Click the Start button. Click the Install button on the following screen. Click Start. This will will initialize and update the scanner engine. Check mark the box beside Remove found threats. Click the Scan button. This will start the scan. Please be patient while it is in progress. Restart your computer. ================================================ STEP 5 Click on Start > Programs > Accessories > System Tools and select System Restore. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore. Next, click on Start > Run, type Cleanmgr and click on OK. Click on the More Options tab. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one. This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files. Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong. Re-enable all your security applications and please return here and tell us how the computer seems to be operating. Close browsers before scanning Scan for tracking cookies Terminate memory threats before quarantining Quote Rwy'n ceisio fy ngorau......................
borojamie Posted February 22, 2010 Author Posted February 22, 2010 Hi Jelly Bean, Thanks for your help, Unfortunately I cannot close any security measures as mcafee wont open - bringing up a box showing "open with" and list of applications. This happens for all exe files. I have tried to disable via Ctrl Panel but the security centre and firewall icons do not open sayin rundll.exe cannot be found. I have managed to download atf-cleaner but cannot open as it refers to a windows box showing "open with". The programmes in there do not allow anything suitable :-( Quote
Jelly Bean Posted February 22, 2010 Posted February 22, 2010 Run in safe mode with networking. Quote Rwy'n ceisio fy ngorau......................
borojamie Posted February 22, 2010 Author Posted February 22, 2010 mate, Sorry it wont open in safe mode either it reels off lots of files then says loading "sptd.sys" blue screen flash and reboots only offering windows normal thanks again for your help mate, u a swans fan? Quote
RandyL Posted February 23, 2010 Posted February 23, 2010 "sptd.sys" Driver used by the CD Rom emulation program, Daemon Tools Version 4. There have been some reports of problems with this driver. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Starbuck Posted February 23, 2010 Posted February 23, 2010 Hi borojamie, You definitely have some nasties there. Are you still having problems trying to open/run .exe files? If so, try this: Please download exeHelper to your desktop. If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all. Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan) Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ). Let me have the report and also let me know if things are any better. We'll take it from there. Thanks Quote Member of:UNITE
borojamie Posted February 23, 2010 Author Posted February 23, 2010 Starbuck thanks for the advice, Unfortunately as i download it mcafee blocks it automatically without the option to allow the programme (a trojan). Windows also pops up and says file error "disc write protected or full" seems like its locked down everything at the moment :-( Quote
Starbuck Posted February 23, 2010 Posted February 23, 2010 Hi borojamie, Unfortunately as i download it mcafee blocks it automatically without the option to allow the programme At the moment McCrappy is just that. It's not doing anything... you are severely infected, so let's see if we can shut it up for awhile. To disable your McAfee security programs please refer to the clip below. http://img.photobucket.com/albums/v666/sUBs/mcafee_disable.gif If you manage to shut McAfee up, please try the download/instructions for exehelper again. Have you tried uninstalling McAfee? Also can you let me know if you have access to another system, so that we could download something to that and then transfer it to the infected system by way of usb stick? Quote Member of:UNITE
borojamie Posted February 25, 2010 Author Posted February 25, 2010 Sorry I havent been in touch, major problems now :-( Starbuck thanks for your help, I do have access to another mates laptop/usb stick. Unfortuantely my laptop froze completely as it restarted it looped into rebooting permanently allowing me to choose safe mode networking, normal or safe mode - msdos. I have tried to log in using all 3 options and all revert to a blue screen and reboot again. I am assuming this is a total system shutdown? Will i have to reset to factory settings which i can enter (not that ive entered the password or confirmed. If so i have lots of media files, photos and ms office documents on the c: & D: is there a way i can recover these files? perhaps by making the c: a slave - as i would a normal pc? or am i resigned to losing them in total? Thanks again for your help Quote
Starbuck Posted February 25, 2010 Posted February 25, 2010 (edited) Hi borojamie, Hopefully all is not lost, the good news is that you have access to another system. You don't mind mind a little work do you? :) Quick explanation: If we make a bootable disc and boot your system up using this... we can bypass the malware and get a report off the infected system. You then transfer the report to the usb stick, and then send the report from the other system. You will also be able to get any files etc you want off the system at the same time.... sound good? OK this file is big... print these instruction out so that you know what you are doing Two programmes to download First ISOBurner this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions Second Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is approx 280Mb in size so it may take some time to download. When downloaded double click and this will then open ISOBurner to burn the file to CD Reboot your system using the boot CD you just created. Note : If you do not know how to set your computer to boot from CD follow the steps here As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :) Your system should now display a Reatogo desktop. Note : as you are running from CD it is not exactly speedy Double-click on the OTLPE icon. Select the Windows folder of the infected drive if it asks for a location When asked "Do you wish to load the remote registry", select Yes When asked "Do you wish to load remote user profile(s) for scanning", select Yes Ensure the box "Automatically Load All Remaining Users" is checked and press OK OTL should now start. Change the following settings. Change Drivers to All Change Registry to All Under the Custom Scan box paste this in: %SYSTEMDRIVE%\*.* /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s %systemroot%\System32\config\*.sav Press Run Scan to start the scan. When finished, the file will be saved in drive C:\OTL.txt Copy this file to your USB drive if you do not have internet connection on this system. Right click the file and select send to : select the USB drive. Confirm that it has copied to the USB drive by selecting it You can backup any files that you wish from this OS Please post the contents of the C:\OTL.txt file in your reply. Edited February 25, 2010 by Starbuck Quote Member of:UNITE
borojamie Posted February 27, 2010 Author Posted February 27, 2010 Starbuck thanks for your help ive made the OTLPE disc and will be using it on my laptop tomorrow afternoon when i get back to camp. Thanks again for your help mate Quote
Starbuck Posted February 27, 2010 Posted February 27, 2010 ive made the OTLPE disc and will be using it on my laptop tomorrow afternoon when i get back to camp Nice one http://fc07.deviantart.com/images3/i/2004/146/9/1/Two_thumbs_up.gif Together we can beat this, let's not let the bad guys win. Post the report as soon as you have it, i'll be waiting. Quote Member of:UNITE
borojamie Posted March 1, 2010 Author Posted March 1, 2010 Hi Starbuck, I managed to load my laptop with the new OS yesterday and went to use OTLPE, however my keyboard is not completely in use. I cannot produce * or M when trying to copytype your above instructions. will this work if I paste it fm TXT file on memory stick. I am cautious of attaching a memory stick or external harddrive as I don't want the virus to transfer. If I back up all my personal files using Reatogo OS will this completely avoid contamination? Once I have the report results and save them to another file, am I safe to re-insert the memory stick in to my mates computer I don't want to infect his machine. Thanks for your help mate, Jamie Quote
Starbuck Posted March 1, 2010 Posted March 1, 2010 Hi borojamie, will this work if I paste it fm TXT file on memory stick. Yes, using copy and paste is probably a better way as there's less chance of a mistake. am I safe to re-insert the memory stick in to my mates computer I don't want to infect his machine. As you're not actually running windows, the malware won't be active, so nothing should be passed to the usb stick. Quote Member of:UNITE
borojamie Posted March 1, 2010 Author Posted March 1, 2010 OTL logfile created on: 3/1/2010 8:28:53 PM - Run OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 782.00 Mb Available Physical Memory | 76.00% Memory free 906.00 Mb Paging File | 841.00 Mb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53.20 Gb Total Space | 7.28 Gb Free Space | 13.69% Space Free | Partition Type: FAT32 Drive D: | 53.69 Gb Total Space | 10.33 Gb Free Space | 19.25% Space Free | Partition Type: FAT32 Drive E: | 963.73 Mb Total Space | 963.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/08/29 16:11:10 | 000,133,104 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca28baf7cbe6a6) Google Update Service (gupdate1ca28baf7cbe6a6) SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor) SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2009/06/05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/04/07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/04/17 22:56:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/04/14 01:11:56 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\irmon.dll -- (Irmon) SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/11 19:49:06 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7) SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2006/12/15 04:01:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/07/20 05:58:00 | 000,143,426 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) [Auto] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/03/10 00:49:52 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService) SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand] -- -- (sony_ssm.sys) DRV - File not found [Kernel | Disabled] -- -- (Simbad) DRV - File not found [Kernel | On_Demand] -- -- (RTCore32) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | Disabled] -- -- (Atdisk) DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk) DRV - [2010/01/27 22:55:38 | 000,005,632 | ---- | M] () [File_System | System] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/12/31 16:50:04 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv) DRV - [2009/12/04 18:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb) DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP) DRV - [2009/10/12 22:24:48 | 000,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP) DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/06/24 12:18:42 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/04/07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/02/02 19:03:00 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD) DRV - [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip) DRV - [2008/06/20 12:08:28 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008/06/13 12:05:52 | 000,272,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT) DRV - [2008/04/14 01:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD) DRV - [2008/04/14 01:13:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP) DRV - [2008/04/14 01:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD) DRV - [2008/04/14 01:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TDPIPE.sys -- (TDPIPE) DRV - [2008/04/13 20:28:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss) DRV - [2008/04/13 20:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2008/04/13 20:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan) DRV - [2008/04/13 20:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS) DRV - [2008/04/13 20:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP) DRV - [2008/04/13 20:19:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP) DRV - [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec) DRV - [2008/04/13 20:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/04/13 20:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008/04/13 20:17:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup) DRV - [2008/04/13 20:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008/04/13 20:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs) DRV - [2008/04/13 20:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Serial.sys -- (Serial) DRV - [2008/04/13 20:14:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat) DRV - [2008/04/13 20:14:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs) DRV - [2008/04/13 20:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem) DRV - [2008/04/13 19:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2008/04/13 19:57:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/04/13 19:57:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/04/13 19:57:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/04/13 19:57:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/04/13 19:57:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat) DRV - [2008/04/13 19:57:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp) DRV - [2008/04/13 19:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched) DRV - [2008/04/13 19:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc) DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/13 19:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/04/13 19:56:02 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp) DRV - [2008/04/13 19:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/04/13 19:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda) DRV - [2008/04/13 19:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2008/04/13 19:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008/04/13 19:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network) DRV - [2008/04/13 19:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394) DRV - [2008/04/13 19:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394) DRV - [2008/04/13 19:51:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2008/04/13 19:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint) DRV - [2008/04/13 19:46:34 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum) DRV - [2008/04/13 19:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) DRV - [2008/04/13 19:46:30 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB) DRV - [2008/04/13 19:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC) DRV - [2008/04/13 19:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC) DRV - [2008/04/13 19:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE) DRV - [2008/04/13 19:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP) DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip) DRV - [2008/04/13 19:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP) DRV - [2008/04/13 19:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394) DRV - [2008/04/13 19:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub) DRV - [2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2008/04/13 19:45:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci) DRV - [2008/04/13 19:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/04/13 19:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb) DRV - [2008/04/13 19:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008/04/13 19:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer) DRV - [2008/04/13 19:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2008/04/13 19:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2008/04/13 19:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic) DRV - [2008/04/13 19:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008/04/13 19:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio) DRV - [2008/04/13 19:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/04/13 19:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp) DRV - [2008/04/13 19:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i2omgmt.sys -- (i2omgmt) DRV - [2008/04/13 19:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap) DRV - [2008/04/13 19:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi) DRV - [2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer) Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 DRV - [2008/04/13 19:40:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr) DRV - [2008/04/13 19:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk) DRV - [2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Sfloppy.sys -- (Sfloppy) DRV - [2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom) DRV - [2008/04/13 19:40:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde) DRV - [2008/04/13 19:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi) DRV - [2008/04/13 19:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde) DRV - [2008/04/13 19:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook) DRV - [2008/04/13 19:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Fdc.sys -- (Fdc) DRV - [2008/04/13 19:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Flpydisk.sys -- (Flpydisk) DRV - [2008/04/13 19:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Parport.sys -- (Parport) DRV - [2008/04/13 19:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum) DRV - [2008/04/13 19:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/04/13 19:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/04/13 19:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE) DRV - [2008/04/13 19:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/04/13 19:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass) DRV - [2008/04/13 19:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass) DRV - [2008/04/13 19:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid) DRV - [2008/04/13 19:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update) DRV - [2008/04/13 19:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/04/13 19:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr) DRV - [2008/04/13 19:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios) DRV - [2008/04/13 19:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008/04/13 19:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus) DRV - [2008/04/13 19:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI) DRV - [2008/04/13 19:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp) DRV - [2008/04/13 19:36:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ) DRV - [2008/04/13 19:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp) DRV - [2008/04/13 19:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp) DRV - [2008/04/13 19:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp) DRV - [2008/04/13 19:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541) DRV - [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440) DRV - [2008/04/13 19:36:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt) DRV - [2008/04/13 19:36:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt) DRV - [2008/04/13 19:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2008/04/13 19:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI) DRV - [2008/04/13 19:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips) DRV - [2008/04/13 19:33:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr) DRV - [2008/04/13 19:32:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/04/13 19:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008/04/13 19:32:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs) DRV - [2008/04/13 19:32:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs) DRV - [2008/04/13 19:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs) DRV - [2008/04/13 19:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2008/04/13 17:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2008/04/13 17:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2007/11/13 10:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb) DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd) DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf) DRV - [2006/08/18 22:40:50 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2006/07/20 05:58:00 | 003,685,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/06/23 10:40:58 | 002,400,128 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv) DRV - [2006/06/23 10:40:58 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon) DRV - [2006/06/19 12:20:24 | 001,097,728 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321) DRV - [2006/06/19 12:16:16 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006/04/03 12:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel® DRV - [2006/03/23 12:47:06 | 001,166,972 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006/01/23 12:41:42 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2006/01/23 12:41:04 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd) DRV - [2006/01/23 12:41:04 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd) DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005/10/31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2005/10/24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/10/18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/10/18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc) DRV - [2005/10/05 15:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt) DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio) DRV - [2005/05/12 18:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20) DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netmnt.sys -- (NETMNT) DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm) DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper) DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k) DRV - [2004/08/10 20:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk) DRV - [2004/08/10 20:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2004/08/10 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/10 20:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx) DRV - [2004/08/10 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004/08/10 20:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2) DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280) DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160) DRV - [2004/08/10 20:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240) DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080) DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra) DRV - [2004/08/10 20:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2004/08/10 20:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt) DRV - [2004/08/10 20:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx) DRV - [2004/08/10 20:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2004/08/10 20:00:00 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3) DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi) DRV - [2004/08/10 20:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2) DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc) DRV - [2004/08/10 20:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn) DRV - [2004/08/10 20:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5) DRV - [2004/08/10 20:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p) DRV - [2004/08/10 20:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o) DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow) DRV - [2004/08/10 20:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Cdaudio.sys -- (Cdaudio) DRV - [2004/08/10 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x) DRV - [2004/08/10 20:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810) DRV - [2004/08/10 20:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u) DRV - [2004/08/10 20:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray) DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550) Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 DRV - [2004/08/10 20:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt) DRV - [2004/08/10 20:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004/08/10 20:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf) DRV - [2004/08/10 20:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x) DRV - [2004/08/10 20:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt) DRV - [2004/08/10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL) DRV - [2004/08/10 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint) DRV - [2004/08/10 20:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004/08/10 20:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd) DRV - [2004/08/10 20:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2004/08/10 20:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt) DRV - [2004/08/10 20:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm) DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde) DRV - [2004/08/10 20:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload) DRV - [2004/08/10 20:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib) DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde) DRV - [2004/08/10 20:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde) DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD) DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd) DRV - [2004/08/10 20:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep) DRV - [2004/08/10 20:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde) DRV - [2004/08/10 20:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null) DRV - [2004/08/10 20:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock) DRV - [2004/08/10 03:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV) DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 13:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA) DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK & Ireland IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Acer.com Worldwide - Select your local country or region IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\Jamie_Panico_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\Jamie_Panico_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\Jamie_Panico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/01 16:58:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 14:57:18 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Internet Explorer Plugin) - {1DAA3B2E-65DF-4DA6-83C1-50B52ECD0E55} - C:\WINDOWS\System32\duivqwenq8.dll (Rox) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\Jamie_Panico_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Jamie_Panico_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Jamie_Panico_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [bisosonew] C:\WINDOWS\System32\jozavuyo.DLL () O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer) O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech) O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [nonep] C:\Documents and Settings\Jamie Panico\Local Settings\Temp\miu6C.tmp.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\HelpAssistant_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\HelpAssistant_ON_C..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\HelpAssistant_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\HelpAssistant_ON_C..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe File not found O4 - HKU\HelpAssistant_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKU\Jamie_Panico_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\setup.exe File not found O4 - HKU\Jamie_Panico_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\Jamie_Panico_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Jamie_Panico_ON_C..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\Jamie_Panico_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\Jamie_Panico_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Jamie_Panico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Jamie_Panico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\Jamie_Panico_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object) O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (pulasiya.dll) - C:\WINDOWS\System32\pulasiya.dll () O20 - AppInit_DLLs: (c:\windows\system32\jozavuyo.dll) - C:\WINDOWS\system32\jozavuyo.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe (Uzxepyilpoy) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O21 - SSODL: wulinuned - {5156fb13-d1e6-451c-9839-5e758268ec36} - C:\WINDOWS\system32\jozavuyo.dll () O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {5156fb13-d1e6-451c-9839-5e758268ec36} - kupuhivus - C:\WINDOWS\system32\jozavuyo.dll () O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/28 23:18:24 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/02/28 23:17:01 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/02/28 23:17:01 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/02/28 23:17:01 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/02/28 23:17:01 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music [2010/02/28 23:17:01 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/02/28 23:17:01 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/02/28 23:17:01 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/02/22 23:22:41 | 000,038,400 | ---- | C] (Rox) -- C:\WINDOWS\System32\duivqwenq8.dll [2010/02/22 22:45:09 | 000,038,400 | ---- | C] (Rox) -- C:\WINDOWS\System32\byxo7.dll [2010/02/22 19:30:27 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jamie Panico\Desktop\ATF-Cleaner.exe [2010/02/21 20:13:36 | 000,038,400 | ---- | C] (Rox) -- C:\WINDOWS\System32\svsnjleie4.dll [2010/02/21 19:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\NOS [2010/02/21 19:30:57 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Panico\Desktop\mbam-setup.exe [2010/02/19 16:30:20 | 000,000,000 | -HSD | C] -- C:\FOUND.000 [2010/02/18 21:36:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/02/18 01:10:29 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010/02/18 01:10:29 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010/02/18 01:10:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010/02/18 01:10:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010/02/18 01:08:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/01 17:38:02 | 002,150,224 | -H-- | M] () -- B:\Documents and Settings\Default User\Local Settings\Application Data\IconCache.db [2010/03/01 17:37:32 | 000,565,248 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2010/02/28 23:29:52 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/02/28 23:26:30 | 000,001,251 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/26 11:51:20 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/26 11:51:20 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/26 11:51:20 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/26 11:51:20 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/26 11:51:20 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/26 11:51:20 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/26 11:51:20 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/26 11:51:20 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/26 11:51:20 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/26 11:51:20 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/26 11:51:20 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/26 11:51:20 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/26 11:51:20 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/26 11:51:20 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/23 23:08:26 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat [2010/02/23 23:08:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/23 23:08:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/23 23:07:52 | 000,024,299 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2010/02/23 23:07:52 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2010/02/23 23:07:50 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2010/02/23 23:06:24 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Jamie Panico\NTUSER.DAT [2010/02/23 23:06:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jamie Panico\ntuser.ini [2010/02/23 23:02:38 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rireluho [2010/02/23 23:00:08 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\agtttnsf.job [2010/02/23 22:30:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/23 17:21:08 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\jozavuyo.dll [2010/02/23 17:21:08 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\kiyerili.dll [2010/02/22 23:22:44 | 000,022,568 | ---- | M] () -- C:\WINDOWS\System32\hzriuq [2010/02/22 23:22:42 | 000,049,664 | ---- | M] () -- C:\WINDOWS\System32\svae.jpg [2010/02/22 23:22:42 | 000,038,400 | ---- | M] (Rox) -- C:\WINDOWS\System32\duivqwenq8.dll [2010/02/22 22:45:10 | 000,038,400 | ---- | M] (Rox) -- C:\WINDOWS\System32\byxo7.dll [2010/02/22 22:30:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/02/22 19:56:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/22 19:56:34 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys [2010/02/22 19:30:28 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jamie Panico\Desktop\ATF-Cleaner.exe [2010/02/22 19:03:36 | 000,093,696 | -HS- | M] () -- C:\WINDOWS\System32\dorehimo.dll [2010/02/22 19:03:36 | 000,070,656 | -HS- | M] () -- C:\WINDOWS\System32\wobowedi.dll [2010/02/22 19:03:36 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\guwinoda.dll [2010/02/22 07:03:14 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\System32\begajetu.dll [2010/02/22 07:03:14 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\nupuyuho.dll [2010/02/21 21:06:34 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jamie Panico\Desktop\TFC.exe [2010/02/21 20:13:38 | 000,038,400 | ---- | M] (Rox) -- C:\WINDOWS\System32\svsnjleie4.dll [2010/02/21 20:13:38 | 000,016,241 | ---- | M] () -- C:\WINDOWS\System32\jwespw [2010/02/21 19:28:22 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jamie Panico\Desktop\mbam-setup.exe [2010/02/21 19:15:08 | 000,005,748 | -HS- | M] () -- C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\Q8T6845 [2010/02/21 19:05:46 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\kayugibu.dll [2010/02/21 19:05:44 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\pulasiya.dll [2010/02/21 19:05:44 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\hofohulu.dll [2010/02/21 19:05:00 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\System32\zuseyubu.dll [2010/02/21 19:05:00 | 000,053,760 | -HS- | M] () -- C:\WINDOWS\System32\dasulelo.dll [2010/02/21 19:05:00 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\bebufizu.dll [2010/02/21 19:05:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\wipotazi.dll [2010/02/21 19:04:56 | 000,000,675 | ---- | M] () -- C:\WINDOWS\win.ini [2010/02/21 19:04:40 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini [2010/02/21 19:03:16 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/02/21 19:02:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/19 16:39:52 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Jamie Panico\Desktop\fix.reg [2010/02/18 20:16:32 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\rogavove.dll [2010/02/18 20:16:32 | 000,002,713 | -HS- | M] () -- C:\WINDOWS\System32\funebaro.dll [2010/02/18 20:16:24 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\System32\bavopipi.dll [2010/02/18 20:16:24 | 000,045,568 | -HS- | M] () -- C:\WINDOWS\System32\sudimiyi.dll [2010/02/18 19:30:08 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\Jamie Panico\Desktop\HijackThis.lnk [2010/02/18 16:58:06 | 000,039,424 | ---- | M] () -- C:\WINDOWS\System32\bahezefi.dll [2010/02/18 16:58:00 | 000,093,184 | ---- | M] () -- C:\WINDOWS\System32\zenemala.dll [2010/02/16 00:35:46 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/11 00:04:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/02/11 00:01:48 | 002,003,208 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2010/02/07 23:46:36 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Jamie Panico\Desktop\finneran.xls [2010/02/01 01:00:12 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] Quote
borojamie Posted March 1, 2010 Author Posted March 1, 2010 ========== Files Created - No Company Name ========== [2010/02/28 23:17:01 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/28 23:17:01 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk [2010/02/28 23:17:01 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk [2010/02/28 23:17:01 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk [2010/02/28 23:17:01 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk [2010/02/28 23:17:01 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk [2010/02/28 23:17:01 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk [2010/02/28 23:17:01 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk [2010/02/28 23:17:01 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk [2010/02/28 23:17:01 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk [2010/02/28 23:17:01 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk [2010/02/28 23:17:01 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk [2010/02/28 23:17:01 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk [2010/02/28 23:17:01 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk [2010/02/28 23:17:01 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/02/28 23:17:01 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk [2010/02/28 23:17:01 | 000,001,251 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk [2010/02/23 23:07:50 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2010/02/23 17:21:05 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\jozavuyo.dll [2010/02/23 17:21:05 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kiyerili.dll [2010/02/22 22:45:10 | 000,022,568 | ---- | C] () -- C:\WINDOWS\System32\hzriuq [2010/02/22 19:03:35 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\agtttnsf.job [2010/02/22 19:03:32 | 000,093,696 | -HS- | C] () -- C:\WINDOWS\System32\dorehimo.dll [2010/02/22 19:03:32 | 000,070,656 | -HS- | C] () -- C:\WINDOWS\System32\wobowedi.dll [2010/02/22 19:03:32 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\guwinoda.dll [2010/02/22 07:03:11 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\begajetu.dll [2010/02/22 07:03:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nupuyuho.dll [2010/02/21 20:13:37 | 000,016,241 | ---- | C] () -- C:\WINDOWS\System32\jwespw [2010/02/21 20:13:36 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\svae.jpg [2010/02/21 19:05:37 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\pulasiya.dll [2010/02/21 19:05:37 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\kayugibu.dll [2010/02/21 19:05:37 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\hofohulu.dll [2010/02/21 19:04:58 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\bebufizu.dll [2010/02/21 19:04:57 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\zuseyubu.dll [2010/02/21 19:04:57 | 000,053,760 | -HS- | C] () -- C:\WINDOWS\System32\dasulelo.dll [2010/02/21 19:04:57 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wipotazi.dll [2010/02/19 16:39:50 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Jamie Panico\Desktop\fix.reg [2010/02/18 20:16:30 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\rogavove.dll [2010/02/18 20:16:30 | 000,002,713 | -HS- | C] () -- C:\WINDOWS\System32\funebaro.dll [2010/02/18 20:16:23 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\bavopipi.dll [2010/02/18 20:16:23 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\sudimiyi.dll [2010/02/18 16:58:05 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\bahezefi.dll [2010/02/18 16:58:00 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\zenemala.dll [2010/02/18 01:08:35 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\rireluho [2010/02/18 01:08:33 | 000,005,748 | -HS- | C] () -- C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\Q8T6845 [2010/02/07 21:39:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jamie Panico\Desktop\finneran.xls [2010/01/29 01:56:13 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll [2010/01/27 21:52:45 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010/01/27 21:52:45 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010/01/27 21:52:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jamie Panico\Application Data\$_hpcst$.hpc [2009/08/29 16:16:10 | 000,000,912 | ---- | C] () -- C:\WINDOWS\aoxppr.ini [2009/03/03 00:17:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009/02/13 12:32:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/12/28 21:14:49 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll [2008/06/19 14:18:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008/05/26 00:37:45 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008/05/26 00:37:37 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/05/26 00:37:37 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/05/26 00:37:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/05/26 00:37:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/05/26 00:37:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/05/05 19:45:00 | 000,001,809 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2008/05/01 12:18:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2008/05/01 12:18:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2008/03/23 15:48:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini [2008/01/02 04:20:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini [2007/12/30 23:58:19 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini [2007/12/30 23:55:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2007/12/30 23:55:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2007/12/30 23:55:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2007/12/30 23:55:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2007/12/30 23:55:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2007/12/30 23:53:59 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini [2007/12/30 23:50:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/12/30 23:45:48 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\fusioncache.dat [2007/12/30 19:24:45 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/08/19 08:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/08/18 22:42:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006/08/18 22:40:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006/08/18 22:08:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2006/06/23 10:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys [2006/06/23 10:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys [2006/06/19 11:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/06/16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2006/06/12 16:11:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/06/12 16:11:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/06/12 16:11:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/06/12 16:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/06/12 16:11:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/10/26 14:59:46 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/06/28 18:55:08 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll [2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\netmnt.sys [2005/03/28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004/08/10 20:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2004/08/10 20:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll [2004/08/10 20:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll [2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer [2009/07/01 17:02:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore [2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer [2006/08/18 22:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Acer [2008/01/01 22:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Command & Conquer 3 Tiberium Wars [2008/05/29 22:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Command & Conquer 3 Kane's Wrath [2009/03/08 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Red Alert 3 [2009/03/15 13:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Uniblue [2009/05/06 18:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\pokerth [2009/02/02 19:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\DAEMON Tools [2009/08/22 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Red Kawa [2009/12/28 20:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\My Battle for Middle-earth Files [2010/01/27 21:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\Samsung [2010/01/27 23:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jamie Panico\Application Data\PC Suite [2009/07/01 17:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010/02/23 23:00:08 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\agtttnsf.job [2010/02/01 01:00:12 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/10/15 03:30:30 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.