AntiMalware GO


Post by NateC on Mon 28 Feb 2011, 2:27 pm

First I'd like to give thanks in advance to any and all who can assist me here, I'm having some serious trouble.

Just this evening I think I got infected with this fake malware scanner called AntiMalware GO. I read the topic of what to do before posting, but after I uninstalled an old version of Adobe Reader, I couldn't install the latest version, nor could I get critical Windows updates. The Adobe installer will get canceled; every Windows page I try to view on Internet Explorer gets redirected to the AntiMalware GO website. I can't open my system info from the control panel because it just immediately closes.

I'm not sure whether or not to run the programs to get the logs, as I currently don't have Adobe Reader and I'm not sure if I have all the necessary Windows Updates.

Any help is much appreciated. I'm pretty frustrated at the moment, as it seems this stupid program has the control to exit out of everything I'm trying to do to get rid of it.

Thanks, Nate.

NateC

Newbie Surfer

Posts : 20
Joined : 2008-12-02
Operating System : XP SP3


Re: AntiMalware GO

Post by Gabethebabe on Mon 28 Feb 2011, 7:16 pm

Hi there Nate.
I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end! If your computer starts running better, doesn't mean it is clean yet!


====================

Careful now, AntiMalware GO is rogue software. For an explanation of this term you can consult e.g. Wikipedia. Whatever you do, do not buy a license for this program. If you already did, you have been scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.

The first thing we are going to do is try and temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use RKill.

====================

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.



====================

Please download OTL by OldTimer from here and save it to your Desktop.
  • Close all windows and double click OTL.exe.
  • Copy and paste the following text into the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need to use two posts to get it all.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
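
One way to triage the OTL.txt that the scan above produces, as an added example that is not part of the original thread or of OTL itself: it reads the O4 Run lines and the IE proxy lines, then flags autostart entries launched from a Temp directory and an enabled proxy that points at the local machine. The sample lines, function names and severity labels are constructed for this illustration.

```python
import re

# Constructed sample in the line format OTL writes to OTL.txt; the names,
# paths and port are made up for this example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example Printer\tray.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [qwzxexample] C:\Documents and Settings\User\Local Settings\Temp\abcdexample\fghij.exe ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(.*?)\] (.*)$")
# "<path ending in an extension> (<company name, possibly empty>)"
TARGET_RE = re.compile(r"^(.+?\.\w{2,4})\s+\((.*)\)$")
PROXY_RE = re.compile(r'^IE - .*\\Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
TEMP_RE = re.compile(r"\\(local settings\\temp|appdata\\local\\temp|windows\\temp)\\", re.I)


def parse_run_entries(log):
    """Return one dict per O4 Run line: hive, name, path (None if missing), company."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, rest = m.groups()
        target = TARGET_RE.match(rest)
        if rest == "File not found":
            path, company = None, ""
        elif target:
            path, company = target.group(1), target.group(2).strip()
        else:
            path, company = rest, ""
        entries.append({"hive": hive, "name": name, "path": path, "company": company})
    return entries


def loopback_proxy(log):
    """Return the ProxyServer value if the proxy is enabled and points at this machine."""
    settings = {}
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    if settings.get("ProxyEnable") != "1":
        return None
    server = settings.get("ProxyServer", "")
    # Value is either "host:port" or "proto=host:port;proto=host:port".
    for part in server.split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].lower()
        if host == "localhost" or host.startswith("127."):
            return server
    return None


def triage(log):
    """Return (severity, item, reason) tuples, most serious first."""
    findings = []
    for e in parse_run_entries(log):
        label = "%s Run [%s]" % (e["hive"], e["name"])
        if e["path"] is None:
            findings.append(("info", label, "target file not found (orphaned entry)"))
        elif TEMP_RE.search(e["path"]):
            findings.append(("high", label, "autostart from a Temp directory: " + e["path"]))
        elif not e["company"]:
            findings.append(("review", label, "no company name shown for the file"))
    proxy = loopback_proxy(log)
    if proxy:
        findings.append(("high", "IE proxy", "enabled and pointing at loopback: " + proxy))
    order = {"high": 0, "review": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, item, reason in triage(SAMPLE_LOG):
        print("%-6s %-28s %s" % (severity, item, reason))
```

An empty company name on its own only earns a "review" label, since vendor utilities often ship without one; the Temp location and the loopback proxy are the stronger signals.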


Re: AntiMalware GO

Post by NateC on Mon 28 Feb 2011, 8:00 pm

Gabethebabe, thanks for the response. I was actually able to get the 6th mirror to work, and get OTL to run. Here are the logs. Thanks in advance for any and all further assistance.

OTL logfile created on: 2/7/2011 12:35:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Nathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 366.01 Gb Total Space | 62.59 Gb Free Space | 17.10% Space Free | Partition Type: NTFS

Computer Name: NATE | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/07 00:33:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nathan\Desktop\OTL.exe
PRC - [2010/10/08 13:15:40 | 000,167,936 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/10/08 11:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2010/10/08 09:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/09/08 11:10:31 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/12 20:01:28 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/06/22 10:24:44 | 000,715,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/06/22 10:24:44 | 000,446,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2009/05/21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/04 12:09:58 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 15:04:36 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2008/03/27 15:04:32 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/12/21 07:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/10/07 19:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 19:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/08/28 11:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/27 13:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/07/25 13:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 13:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 13:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/20 13:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 13:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/17 19:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
PRC - [2007/07/17 19:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
PRC - [2007/07/17 19:26:26 | 000,320,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
PRC - [2007/07/17 19:26:24 | 000,387,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007/07/17 19:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
PRC - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 15:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/02/12 10:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 10:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 11:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/06/26 13:34:50 | 000,299,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/06/13 14:51:38 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/05/17 22:36:10 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/02/07 00:33:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nathan\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/20 13:56:14 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/12 21:12:47 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/08 11:11:50 | 000,131,584 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010/10/08 09:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/04/12 20:01:28 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/06/22 10:24:44 | 000,715,400 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/27 15:04:32 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/10/07 19:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 19:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 19:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 18:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 18:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/07/25 13:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/07/20 13:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/29 15:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 15:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/02/12 10:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/17 22:36:10 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2010/12/17 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110225.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110225.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/04 00:47:19 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2010/10/07 14:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/06/04 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/29 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/12 13:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/05/12 13:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2008/09/24 15:11:44 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/10 12:47:49 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/27 15:04:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/08/28 11:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 11:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 15:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/26 18:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/07/17 19:30:28 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/17 06:11:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 06:11:20 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 06:11:20 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/26 08:15:22 | 000,117,888 | ---- | M] (AGEIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\physX32.sys -- (physX32)
DRV - [2007/05/29 12:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/02 09:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/| [You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071101000055

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/05 15:38:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/06 18:53:10 | 000,000,000 | ---D | M]

[2008/06/18 16:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nathan\Application Data\Mozilla\Extensions
[2011/02/06 19:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\2lxpfhki.default\extensions
[2010/07/27 14:43:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\2lxpfhki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/06 19:05:50 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\2lxpfhki.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/01/01 20:23:24 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\2lxpfhki.default\extensions\moveplayer@movenetworks.com
[2011/02/06 19:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/06 18:53:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/06 18:53:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/06 18:53:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2008/12/02 11:42:49 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeUpdater] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [arbxieuw] C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe ()
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} [You must be registered and logged in to see this link.] (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5f10141c-a6e5-11dd-a14a-001d0955d951}\Shell - "" = AutoRun
O33 - MountPoints2\{5f10141c-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f10141c-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell - "" = AutoRun
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATe.EXE
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell - "" = AutoRun
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LIBLAbS-usER.exE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 4.0 & Silverlight 3.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{f548df6a-9bbd-4268-a68b-92f1e425c085} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 17:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\My Documents\D2LOD-1.12A-enUS
[2011/02/21 20:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/07 00:33:22 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nathan\Desktop\OTL.exe
[2011/02/06 19:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/02/06 19:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/02/06 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/06 18:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/06 18:53:10 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 18:53:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/06 18:53:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/06 18:53:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/06 18:53:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/05 15:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Application Data\abgx360
[2011/02/05 15:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Desktop\i luv cod
[2011/02/05 15:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\abgx360
[2011/02/05 14:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Desktop\JungleFlasher v0.1.78 Beta (183)
[2011/02/01 16:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Local Settings\Application Data\TechSmith
[2011/02/01 16:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\My Documents\Camtasia Studio
[2011/02/01 16:59:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/02/01 16:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2011/02/01 16:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/02/01 16:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/02/01 16:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/02/01 15:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Desktop\Pictures
[2011/01/31 16:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minitab
[2011/01/31 16:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/01/31 16:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Minitab
[2011/01/31 16:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Minitab
[2011/01/31 16:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nathan\Application Data\FLEXnet
[2011/01/31 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Minitab Shared
[2011/01/21 06:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2008/08/11 10:50:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Nathan\Application Data\pcouffin.sys
[2008/06/03 15:21:00 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2008/06/03 15:21:00 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2008/06/03 15:20:59 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2008/06/03 15:20:59 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2008/06/03 15:20:59 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2008/06/03 15:20:59 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2008/06/03 15:20:59 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/06/03 15:20:59 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2008/06/03 15:20:59 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2008/06/03 15:20:59 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2008/06/03 15:20:59 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/06/03 15:20:59 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2008/06/03 15:20:59 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2008/06/03 15:20:59 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2008/04/30 13:08:58 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/21 20:17:00 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/21 13:48:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 16:52:54 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Nathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 22:03:09 | 000,104,702 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\madguy.gif
[2011/02/10 00:57:21 | 000,148,541 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\LOL.jpg
[2011/02/08 22:57:49 | 000,953,877 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\Siss.JPG
[2011/02/08 21:43:12 | 000,080,456 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\LAWL.png
[2011/02/07 00:33:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nathan\Desktop\OTL.exe
[2011/02/07 00:28:21 | 000,034,997 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/02/06 23:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/06 19:38:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/06 19:08:11 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/06 19:08:11 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/06 19:05:43 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/06 19:05:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/06 19:03:40 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/02/06 19:03:38 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/02/06 19:03:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/06 19:02:48 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/02/06 19:02:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/06 19:02:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/06 19:02:24 | 3219,177,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/06 18:53:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/06 18:53:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/06 18:53:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/06 18:53:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/06 18:53:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/06 17:23:19 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/02/04 18:52:03 | 003,890,478 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\David2.bmp
[2011/02/04 18:46:38 | 004,558,014 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\David.bmp
[2011/02/02 18:47:33 | 000,110,761 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\XD.JPG
[2011/02/01 21:38:28 | 000,136,846 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\WK5_Detailed_EXP_Plan_E.Brodnick_N.Creighton.pdf
[2011/02/01 20:53:03 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\IME326.MPJ
[2011/02/01 16:59:32 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/02/01 15:37:23 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\E.BRODNICK_N.CREIGHTON_MATRIX.MPJ.BAK
[2011/02/01 15:37:23 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\E.BRODNICK_N.CREIGHTON_MATRIX.MPJ
[2011/01/31 17:32:31 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\IME326.MPJ.BAK
[2011/01/31 16:45:35 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Minitab 16.lnk
[2011/01/31 16:45:00 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2011/01/29 21:14:58 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Nathan\Desktop\Lin.jpg
[2011/01/21 06:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 06:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 22:03:07 | 000,104,702 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\madguy.gif
[2011/02/10 00:57:19 | 000,148,541 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\LOL.jpg
[2011/02/08 22:57:48 | 000,953,877 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\Siss.JPG
[2011/02/08 21:43:07 | 000,080,456 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\LAWL.png
[2011/02/04 18:52:03 | 003,890,478 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\David2.bmp
[2011/02/04 18:46:37 | 004,558,014 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\David.bmp
[2011/02/02 18:47:33 | 000,110,761 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\XD.JPG
[2011/02/01 21:38:27 | 000,136,846 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\WK5_Detailed_EXP_Plan_E.Brodnick_N.Creighton.pdf
[2011/02/01 21:28:39 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\E.BRODNICK_N.CREIGHTON_MATRIX.MPJ.BAK
[2011/02/01 21:28:00 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\E.BRODNICK_N.CREIGHTON_MATRIX.MPJ
[2011/02/01 20:48:38 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\IME326.MPJ.BAK
[2011/02/01 16:59:32 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/01/31 17:32:31 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\IME326.MPJ
[2011/01/31 16:45:47 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
[2011/01/31 16:45:35 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minitab 16.lnk
[2011/01/29 21:14:57 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Nathan\Desktop\Lin.jpg
[2010/12/06 05:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/10/22 19:32:54 | 000,240,976 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/22 19:32:52 | 000,240,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/22 19:32:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/22 19:32:29 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/17 18:57:14 | 000,039,960 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/05 14:07:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/16 10:27:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Nathan\Local Settings\Application Data\fusioncache.dat
[2009/05/11 17:36:06 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Nathan\Application Data\inst.exe
[2009/05/11 14:47:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 13:40:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/12/02 09:57:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/02 09:57:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/02 09:57:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/02 09:57:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/31 22:44:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/15 16:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 16:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/13 15:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/25 17:27:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2008/08/25 17:27:30 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2008/08/13 11:21:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/11 10:52:42 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Nathan\Application Data\vso_ts_preview.xml
[2008/08/11 10:50:04 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Nathan\Application Data\pcouffin.cat
[2008/08/11 10:50:04 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Nathan\Application Data\pcouffin.inf
[2008/08/09 15:40:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/08/09 15:40:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/08/09 15:39:15 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/06/11 18:56:50 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Nathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/11 11:14:02 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/11 11:11:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/03 16:05:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/03 15:54:21 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/06/03 15:45:22 | 000,000,074 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/03 15:26:09 | 000,034,997 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/06/03 15:21:00 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2008/06/03 15:21:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2008/06/03 15:21:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2008/06/03 15:21:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2008/06/03 15:21:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2008/06/03 15:21:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2008/06/03 15:20:59 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/06/03 15:20:59 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2008/06/03 15:20:59 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2008/06/03 15:20:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2008/06/03 15:20:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2008/06/03 15:20:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2008/06/03 15:20:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/06/03 15:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2008/06/03 15:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2008/06/03 15:20:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/03 15:20:29 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/06/03 15:18:51 | 000,001,116 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/13 05:56:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\dlcxplc.ini
[2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 14:06:43 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 14:00:28 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 14:00:28 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 14:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/08/10 12:47:49 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys



Re: AntiMalware GO

Post by NateC on Mon 28 Feb 2011, 8:02 pm

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 10:46:18 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\1394bus.sys
[2001/08/17 10:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS
[2008/04/13 10:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/04 02:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2001/08/17 11:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\adpu160m.sys
[2008/04/13 08:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2008/06/03 15:44:29 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 10:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2001/08/17 10:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aha154x.sys
[2001/08/17 11:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78u2.sys
[2001/08/17 11:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys
[2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys
[2008/04/13 10:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 10:31:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 10:31:33 | 000,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2001/08/17 10:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amsint.sys
[2005/08/12 14:50:46 | 000,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS
[2008/04/13 10:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys
[2001/08/17 10:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asc3350p.sys
[2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys
[2008/04/13 10:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:30 | 000,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:30 | 000,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:30 | 000,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:32 | 000,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:32 | 000,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:32 | 000,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:32 | 000,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:32 | 000,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:32 | 000,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:32 | 000,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 21:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:28 | 000,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:30 | 000,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:32 | 000,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:32 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:32 | 000,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 10:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/04 02:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 10:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/04 02:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 10:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2007/07/17 19:30:28 | 000,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys
[2008/04/13 10:36:32 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\battc.sys
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 10:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 10:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 10:46:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 10:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 03:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 10:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 10:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2010/05/12 13:42:50 | 000,057,800 | ---- | M] (EldoS Corporation) -- C:\WINDOWS\system32\drivers\CBDisk.sys
[2001/08/17 10:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 10:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2001/08/17 10:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys
[2004/08/04 02:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 11:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2008/04/13 10:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 02:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 11:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008/04/13 10:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cmbatt.sys
[2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys
[2008/04/13 10:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\compbatt.sys
[2001/08/17 10:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cpqarray.sys
[2004/08/04 02:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 10:31:32 | 000,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys
[2001/08/17 10:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dac960nt.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 10:40:44 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 10:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 10:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/04 02:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 10:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2001/08/17 11:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dpti2o.sys
[2008/04/13 10:45:14 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 10:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/04 02:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2006/11/02 09:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys
[2008/04/13 10:38:29 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/04 02:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001/08/17 09:12:10 | 000,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys
[2001/08/17 10:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\enum1394.sys
[2008/04/13 11:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 10:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 10:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 10:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 10:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 02:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/04 02:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2001/08/17 10:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 10:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2004/08/12 14:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
[2008/04/13 10:46:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 10:45:26 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 10:45:26 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 10:45:22 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 10:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2001/08/17 11:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hpn.sys
[2004/08/03 21:41:48 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:50 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2009/10/20 08:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 10:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omgmt.sys
[2008/04/13 10:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i2omp.sys
[2008/04/13 11:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2007/07/19 07:12:00 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/04/13 10:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2001/08/17 10:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ini910u.sys
[2008/04/13 10:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 10:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 10:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/04 02:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 10:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 10:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 11:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 10:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys
[2008/04/13 10:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 10:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 10:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 10:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 11:16:36 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 03:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/08/04 02:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2010/10/07 14:36:04 | 000,234,160 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS
[2004/08/03 21:41:56 | 000,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2010/05/12 13:51:34 | 000,029,792 | ---- | M] (Mediafour Corporation) -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS
[2008/04/13 10:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 11:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 10:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 10:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 10:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys
[2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys
[2008/04/13 10:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2010/02/24 05:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 10:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 10:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 10:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 10:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 10:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 10:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 10:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 21:41:40 | 000,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:38 | 001,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:38 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 11:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 10:43:55 | 000,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 10:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 11:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 10:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys
[2008/04/13 10:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 10:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 11:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010/11/02 07:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 10:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 11:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2007/08/12 15:05:34 | 002,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys
[2008/04/13 10:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/04 02:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 10:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 11:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:40 | 000,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2004/08/04 02:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2010/10/08 00:30:00 | 009,587,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004/08/04 02:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/04 02:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/04 02:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/04 02:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 10:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys
[2007/08/28 11:54:50 | 000,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Afx.sys
[2007/08/28 11:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys
[2007/08/28 11:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys
[2008/04/13 10:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2004/08/04 02:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 10:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 10:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 10:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/04 02:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 10:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 10:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 10:40:29 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 10:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008/08/11 10:50:04 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2001/08/17 11:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2.sys
[2001/08/17 11:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\perc2hib.sys
[2007/06/26 08:15:22 | 000,117,888 | ---- | M] (AGEIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\physX32.sys
[2008/04/13 11:19:41 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 10:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 10:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2010/11/04 00:47:19 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\drivers\pssdk41.sys
[2004/08/04 02:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2007/11/14 00:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys
[2001/08/17 10:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql10wnt.sys
[2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys
[2001/08/17 10:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ql1240.sys
[2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys
[2004/08/04 02:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 11:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 10:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 11:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/04 02:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/04 02:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 11:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 10:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 16:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:40 | 000,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 10:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 10:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2007/07/17 06:11:20 | 000,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys
[2007/01/18 10:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys
[2007/07/17 06:11:20 | 000,056,832 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys
[2008/05/20 19:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys
[2004/08/04 02:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/04 02:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2007/07/17 06:11:22 | 000,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys
[2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 10:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 10:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/04 02:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2007/05/29 12:29:30 | 000,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys
[2004/08/03 21:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 10:40:30 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 10:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 10:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 11:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 10:40:47 | 000,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 10:40:48 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 10:40:47 | 000,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 10:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 10:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 21:41:42 | 000,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:44 | 000,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:46 | 000,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:46 | 000,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 10:36:34 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/04 02:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 10:46:07 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys
[2008/04/13 10:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/08/10 12:47:49 | 000,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/04/13 10:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2010/08/26 05:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2008/03/27 15:04:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys
[2008/04/13 10:45:15 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 10:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 10:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 10:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys
[2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys
[2008/09/24 15:11:44 | 000,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys
[2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys
[2008/03/26 19:27:24 | 000,216,800 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys
[2008/04/13 11:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 10:40:50 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 11:00:05 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 16:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 16:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 16:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 02:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2001/08/17 10:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\toside.sys
[2004/08/04 02:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 10:56:01 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 10:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 10:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys
[2008/04/13 10:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2010/04/19 19:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 10:45:40 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 10:45:41 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 10:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 02:00:00 | 000,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 10:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 10:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 10:45:43 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 10:45:36 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 10:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 10:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 10:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 10:46:20 | 000,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/04 02:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 10:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 10:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 10:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys
[2008/04/13 10:44:40 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 10:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 10:43:55 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:42 | 000,011,935 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 10:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 21:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2008/04/13 11:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2008/04/13 10:36:38 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys
[2004/08/04 02:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2005/01/28 13:44:28 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 02:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 10:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/10/14 14:08:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008/06/03 15:23:32 | 000,008,304 | RH-- | M] () -- C:\dell.sdr
[2011/02/06 19:05:12 | 000,000,156 | ---- | M] () -- C:\dlcx.log
[2011/02/06 19:02:24 | 3219,177,472 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/01 16:43:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/02/06 19:02:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2008/11/05 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2011/02/05 15:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\abgx360
[2010/11/03 19:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Software
[2008/08/22 14:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2008/08/10 12:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2010/09/12 11:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/12 11:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/06/03 15:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/12/06 20:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2008/09/24 14:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2008/06/03 15:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/02/06 18:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/11 14:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/06/03 15:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/06/03 15:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2008/06/03 15:54:12 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/08/09 15:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/06/03 15:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/08/09 15:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dell PC Fax
[2008/12/04 13:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 926
[2008/06/03 15:54:04 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/10/27 10:11:54 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/02/05 11:43:35 | 000,000,000 | ---D | M] -- C:\Program Files\dl_cats
[2010/04/27 22:33:08 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/12/06 12:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/04/29 23:10:14 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/06/03 15:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/06/03 15:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2011/02/21 13:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/12 11:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/02/20 12:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPrep 101
[2010/09/12 11:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/05/11 20:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/08/23 12:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\LFLInstall
[2008/06/03 15:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/11/03 21:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mediafour
[2008/12/01 16:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/11 14:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/06/03 15:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/06/03 16:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2008/06/03 16:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2009/10/17 04:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/06/03 15:51:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/01/31 16:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\Minitab
[2010/08/11 07:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/07 00:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 11:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/03 15:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/11 14:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/11 14:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/16 10:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/06/03 15:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/06/03 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/12/01 16:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/02/06 19:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/10/22 19:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2004/08/11 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/31 00:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/07 15:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2008/12/11 16:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2009/05/11 18:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\ProENGINEER Schools Edition
[2010/09/12 11:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/15 11:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/05 13:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/09/24 15:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\ResNet
[2008/12/05 13:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/06/03 15:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/12/20 21:44:04 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/01 10:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2008/09/24 15:11:44 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/02/06 19:05:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/06/03 15:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2011/02/01 16:59:19 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2004/08/11 14:20:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/09/12 10:58:57 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/05/11 14:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2009/05/11 17:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2008/09/24 15:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/12/01 16:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/01 16:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/11 14:13:20 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/11 10:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/02/06 17:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2009/05/11 17:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft.temp
[2004/08/11 14:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/11/04 00:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\XLink Kai


< MD5 for: ATAPI.SYS >
[2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/01 16:41:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/01 16:41:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2011/02/07 00:32:10 | 000,721,324 | ---- | M] () MD5=84EA0EC71ED9BB03472D2773B7A477B9 -- C:\Documents and Settings\Nathan\My Documents\Downloads\eXplorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX10\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX11\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX12\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX13\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX14\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX3\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX4\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX5\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX6\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX7\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX8\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX9\procs\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX10\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX11\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX12\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX13\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX14\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX3\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX4\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX5\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX6\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX7\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX8\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX9\h\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/02/12 10:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/07/19 07:12:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\storage\R154200\iastor.sys
[2007/07/19 07:12:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\i386\iaStor.sys
[2007/02/12 10:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/07/19 07:12:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011/02/07 00:31:50 | 000,721,324 | ---- | M] () MD5=84EA0EC71ED9BB03472D2773B7A477B9 -- C:\Documents and Settings\Nathan\My Documents\Downloads\uSeRiNiT.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX13\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX14\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2008/11/24 12:49:11 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=9B1BD82BD0761B5BA986AF66D2809C30 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX13\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Nathan\Local Settings\Temp\RarSFX14\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Here is the Extra.Txt

OTL Extras logfile created on: 2/7/2011 12:35:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Nathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 366.01 Gb Total Space | 62.59 Gb Free Space | 17.10% Space Free | Partition Type: NTFS

Computer Name: NATE | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724



Re: AntiMalware GO

Post by NateC on Mon 28 Feb 2011, 8:04 pm

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- (AOL LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Nathan\Desktop\xbins.exe" = C:\Documents and Settings\Nathan\Desktop\xbins.exe:*:Enabled:xbins
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe" = C:\Program Files\ProENGINEER Schools Edition\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC -- (PTC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\XLink Kai\kaiEngine.exe" = C:\Program Files\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Engine -- (http://www.teamxlink.co.uk (Team XLink))
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C92C419-4DAA-4B9B-B04F-C2E3CDEDCAF9}" = SoftwareManager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
"{277602BC-6903-42FB-975D-F19D684FCC96}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3686ED2F-634B-45EE-84BB-18D17119A582}" = Minitab16
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent
"{3C219E07-7BB0-40FF-82F2-5ECFAD8192C1}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{5E4D7B0F-E869-4834-BEB4-F67319A39617}" = Minitab16
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FD90F3-58B5-4A25-9C47-428576D994D0}" = Minitab16
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80C15924-E84C-4694-A726-92AB836A2231}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8976EE26-04BC-4435-A6F7-42C2B08B08E6}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B33E4C22-23EA-465F-BDFF-F9AE0FF364E0}" = 926plc32
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{EC7B6834-AAE2-497F-8C5B-0CBBD754A64C}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{EFDD0584-E443-4CA8-8B79-E5BE7B22651D}" = Bootstrapper
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"GoToAssist" = GoToAssist Corporate
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"iPrep 101" = iPrep 101 v008 Beta
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minitab16" = Minitab 16
"MinitabSoftwareManager" = Minitab Software Update Manager
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M030
"ProInst" = Intel(R) PROSet/Wireless Software
"PROR" = Microsoft Office Professional 2007
"rn_ca" = ResNet Root Certificate Wizard
"SearchAssist" = SearchAssist
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SynTPDeinstKey" = Dell Touchpad
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Electric Field Hockey" = Electric Field Hockey
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 6:25:53 AM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4234

Error - 2/6/2011 6:25:55 AM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 6:25:55 AM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6250

Error - 2/6/2011 6:25:55 AM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6250

Error - 2/6/2011 3:29:36 PM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2011 3:29:36 PM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32627312

Error - 2/6/2011 3:29:36 PM | Computer Name = NATE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32627312

Error - 2/6/2011 10:56:47 PM | Computer Name = NATE | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 2/6/2011 11:08:26 PM | Computer Name = NATE | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187f1.

Error - 2/7/2011 2:26:52 AM | Computer Name = NATE | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\VPC32.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe
(PID 2944) Time: Sunday, February 06, 2011 10:26:52 PM

[ System Events ]
Error - 2/4/2011 8:44:59 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being
forced.

Error - 2/4/2011 9:51:15 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being
forced.

Error - 2/5/2011 2:34:34 AM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3B8B10B3-9D7. The master browser is stopping or an election is being
forced.

Error - 2/5/2011 11:53:08 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being
forced.

Error - 2/6/2011 5:11:40 AM | Computer Name = NATE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -86372 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.27:123->207.46.232.182:123) is working
properly.

Error - 2/7/2011 4:44:22 PM | Computer Name = NATE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/7/2011 5:41:45 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being
forced.

Error - 2/7/2011 11:15:08 PM | Computer Name = NATE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC001FF3D1441C that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{AE7B0A6B-B36. The master browser is stopping or an election is being
forced.

Error - 2/8/2011 9:07:17 PM | Computer Name = NATE | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AE7B0A6B-B368-4E63-A894-3B6A46B3C6F9}
because another computer on the network has the same name. The server could not
start.

Error - 2/9/2011 4:05:51 PM | Computer Name = NATE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >


Sorry, I tried to break things as evenly as possible and could only manage a minimum of 3 posts. Hopefully this won't make it any harder for you.

NateC


Re: AntiMalware GO

Post by Gabethebabe on Tue 01 Mar 2011, 2:37 am

    Hey Nate. The following instructions should prove effective in eliminating the rogueware.

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:


:otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeUpdater] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [arbxieuw] C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe ()
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell - "" = AutoRun
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATe.EXE
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell - "" = AutoRun
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LIBLAbS-usER.exE

:registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = -
"5000:TCP" = -
"5001:TCP" = -
"5002:TCP" = -
"5003:TCP" = -
"5004:TCP" = -
"5005:TCP" = -
"5006:TCP" = -
"5007:TCP" = -
"5008:TCP" = -
"5009:TCP" = -
"5010:TCP" = -
"5011:TCP" = -
"5012:TCP" = -
"5013:TCP" = -
"5014:TCP" = -
"5015:TCP" = -
"5016:TCP" = -
"5017:TCP" = -
"5018:TCP" = -
"5019:TCP" = -
"5020:TCP" = -

:commands
[emptytemp]

  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself a victim of cybercriminals using P2P for spreading their malware. I would strongly recommend that you uninstall all P2P software; however, that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

I recommend you uninstall this program through Start >> Control Panel >> Add or Remove Programs:
Viewpoint Media Player

It comes with AOL, is installed without your consent and is generally useless.

====================

I will await your OTL log here.

Gabethebabe


Re: AntiMalware GO

Post by NateC on Tue 01 Mar 2011, 5:58 am

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\arbxieuw deleted successfully.
C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f10141d-a6e5-11dd-a14a-001d0955d951}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nATe.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85eda595-ca73-11de-a1c4-001d0955d951}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL LIBLAbS-usER.exE not found.
Error: Unable to interpret <:registry> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret <"5000:TCP" = -> in the current context!
Error: Unable to interpret <"5001:TCP" = -> in the current context!
Error: Unable to interpret <"5002:TCP" = -> in the current context!
Error: Unable to interpret <"5003:TCP" = -> in the current context!
Error: Unable to interpret <"5004:TCP" = -> in the current context!
Error: Unable to interpret <"5005:TCP" = -> in the current context!
Error: Unable to interpret <"5006:TCP" = -> in the current context!
Error: Unable to interpret <"5007:TCP" = -> in the current context!
Error: Unable to interpret <"5008:TCP" = -> in the current context!
Error: Unable to interpret <"5009:TCP" = -> in the current context!
Error: Unable to interpret <"5010:TCP" = -> in the current context!
Error: Unable to interpret <"5011:TCP" = -> in the current context!
Error: Unable to interpret <"5012:TCP" = -> in the current context!
Error: Unable to interpret <"5013:TCP" = -> in the current context!
Error: Unable to interpret <"5014:TCP" = -> in the current context!
Error: Unable to interpret <"5015:TCP" = -> in the current context!
Error: Unable to interpret <"5016:TCP" = -> in the current context!
Error: Unable to interpret <"5017:TCP" = -> in the current context!
Error: Unable to interpret <"5018:TCP" = -> in the current context!
Error: Unable to interpret <"5019:TCP" = -> in the current context!
Error: Unable to interpret <"5020:TCP" = -> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 119482 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4985335 bytes

User: Nathan
->Temp folder emptied: 1311386359 bytes
->Temporary Internet Files folder emptied: 17466971 bytes
->Java cache emptied: 113020311 bytes
->FireFox cache emptied: 86735151 bytes
->Flash cache emptied: 195696 bytes

User: NetworkService
->Temp folder emptied: 742620 bytes
->Temporary Internet Files folder emptied: 2502514 bytes

User: TEMP
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 119482 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39320501 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91252066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,591.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02072011_103916

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



NateC
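Added example (not part of the original posts and not OTL's own code): the fix log above contains `Error: Unable to interpret` lines, which means part of the pasted script was never processed. This Python sketch, run over a shortened excerpt of that log, separates applied, not-found and rejected lines and lists the firewall port entries the script asked to remove but OTL did not act on. The function names are hypothetical.

```python
import re
from collections import Counter

# Shortened excerpt of the fix log posted above (assembled here for the example).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\arbxieuw deleted successfully.
C:\Documents and Settings\Nathan\Local Settings\Temp\obpktlkvi\kpvlqkehmof.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Error: Unable to interpret <:registry> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]> in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret <"5000:TCP" = -> in the current context!
Error: Unable to interpret <"5001:TCP" = -> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Nathan
->Temp folder emptied: 1311386359 bytes
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
REJECTED = re.compile(r"^Error: Unable to interpret (.+) in the current context!$")
PORT_ENTRY = re.compile(r'^"(\d+):(TCP|UDP)" = -$')
APPLIED_SUFFIXES = ("deleted successfully.", "moved successfully.",
                    "value set successfully!")


def classify(line):
    """Return 'rejected', 'applied', 'not_found' or 'other' for one log line."""
    line = line.strip()
    if REJECTED.match(line):
        return "rejected"
    if line.endswith(APPLIED_SUFFIXES):
        return "applied"
    if line.endswith("not found."):
        return "not_found"
    return "other"


def audit_fix_log(text):
    """Count outcomes and group rejected script lines under their directive."""
    counts = Counter()
    rejected = {}          # directive (e.g. ':registry') -> rejected lines under it
    directive = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION.match(line):
            continue       # skip blanks and '===== NAME =====' headers
        kind = classify(line)
        counts[kind] += 1
        if kind != "rejected":
            continue
        item = REJECTED.match(line).group(1)
        if item.startswith("<") and item.endswith(">"):
            item = item[1:-1]          # OTL wraps the echoed script line in <>
        if item.startswith(":"):
            directive = item           # a rejected directive opens a new group
            rejected.setdefault(directive, [])
        else:
            rejected.setdefault(directive or "(no directive)", []).append(item)
    return {"counts": counts, "rejected": rejected}


def unprocessed_ports(report):
    """Port entries the script tried to remove but that were rejected."""
    ports = []
    for items in report["rejected"].values():
        for item in items:
            m = PORT_ENTRY.match(item)
            if m:
                ports.append((int(m.group(1)), m.group(2)))
    return ports


if __name__ == "__main__":
    report = audit_fix_log(SAMPLE_LOG)
    print(dict(report["counts"]))
    for directive, items in report["rejected"].items():
        print(f"not processed: {directive} ({len(items)} lines)")
    print("port entries left untouched:", unprocessed_ports(report))
```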


Re: AntiMalware GO

Post by Gabethebabe on Tue 01 Mar 2011, 7:37 am

Nate, after rebooting your computer should run better now. Does it?
If you have problems connecting to internet, follow the next step. If internet works correctly you can skip the first of the next two steps.

====================

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe


Re: AntiMalware GO

Post by NateC on Tue 01 Mar 2011, 9:55 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5907

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2011 2:34:15 PM
mbam-log-2011-02-07 (14-34-15).txt

Scan type: Quick scan
Objects scanned: 173068
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\mozilla firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.
c:\documents and settings\Nathan\my documents\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\Nathan\my documents\downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

NateC
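The check a helper makes when reading a log like the one above, as an added example that is not part of the original thread: Python that parses the MBAM 1.x text layout shown in the post, compares the summary counts with the itemised detections, and flags any item whose action is not a successful removal. The function names are hypothetical, and SAMPLE_LOG is an excerpt of the posted log with the empty sections trimmed.

```python
import re

# Excerpt of the log posted above; sections with no detections are trimmed.
SAMPLE_LOG = r"""Scan type: Quick scan
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.
c:\documents and settings\Nathan\my documents\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\Nathan\my documents\downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# Summary line ("Files Infected: 3"), section header ("Files Infected:"),
# and detection line ("<object> (<detection name>) -> <action taken>").
COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared counts, itemised detections) from an MBAM 1.x text log."""
    counts, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def review(text):
    """List what needs a second look: count mismatches and unfinished removals."""
    counts, items = parse_mbam_log(text)
    problems = []
    for section, declared in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != declared:
            problems.append(f"{section}: summary says {declared}, {listed} listed")
    for i in items:
        if "successfully" not in i["action"].lower():
            problems.append(f"not removed: {i['object']} ({i['name']}) -> {i['action']}")
    return problems
```

An empty list from `review()` means every listed item was quarantined and the totals agree; a truncated paste or a removal deferred to reboot shows up as an entry.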


Re: AntiMalware GO

Post by Gabethebabe on Tue 01 Mar 2011, 11:02 pm

Looking pretty good Nate

How is your computer running now?

Gabethebabe


Re: AntiMalware GO

Post by NateC on Thu 03 Mar 2011, 5:44 pm

Gabe, everything has been running fine now since the last time I posted. Is there anything else I can/ should do?

NateC


Re: AntiMalware GO

Post by Gabethebabe on Fri 04 Mar 2011, 1:26 am

NateC wrote: Gabe, everything has been running fine now since the last time I posted. Is there anything else I can/ should do?

Not much. As far as I can see, your computer is CLEAN.




====================

Time to uninstall used tools.
  • If we used OTL: double click OTL.exe to run it again and click the CleanUp button.
  • If we used Malwarebytes Anti-Malware, I recommend you keep this excellent product and use it for periodic scanning of your system.
  • If we used any other tools and they still remain on your desktop, please delete them manually.


====================

All right! Now that we have you cleaned, we've got to make sure you stay clean.
Let me provide you with some recommendations:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with any of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Avira. 100 million users can't be wrong. If you want high detection rates, this is your best free bet.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rock-solid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Web of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!

Gabethebabe
