infected with rootkit possibly



#1
PC user

Hello,

My computer is possibly infected with some rootkit; it automatically disables Symantec Endpoint Protection on startup and then enables it later. This looks like Symantec is under the control of a rootkit.

This laptop is very important to me, having over 50 GB of data. I am almost to the point of having it reinstalled with a fresh image.

I have run MBAM, RootRepeal, OTL and HijackThis earlier to diagnose the problem myself. (Many thanks for all the anti-malware software developed by this forum's staff; they are truly amazing. I apologise since I have used them without your permission.)

Followed your malware removal instructions.

I am posting my RootRepeal log and OTL log for your analysis. I know that you are all doing voluntary work, and the service you are doing is amazing. Your help is greatly appreciated.

My RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 12:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9D261000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9CC55000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0x9CF51000 Size: 8960 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\SbPrcCtl.SYS" at address 0xa469f9b1

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0x9cf516d0

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: svchost.exe (PID: 1208) Address: 0xe29b7628 Size: -

Object: Hidden Handle [Index: 2052, Type: UnknownType]
Process: svchost.exe (PID: 1208) Address: 0xe36fe640 Size: -

Object: Hidden Handle [Index: 6148, Type: UnknownType]
Process: svchost.exe (PID: 1208) Address: 0xe361a818 Size: -

Object: Hidden Handle [Index: 6720, Type: Key]
Process: svchost.exe (PID: 1208) Address: 0xe1242c78 Size: -

Object: Hidden Handle [Index: 7668, Type: Key]
Process: svchost.exe (PID: 1208) Address: 0xe11014a0 Size: -

Object: Hidden Handle [Index: 7672, Type: Key]
Process: svchost.exe (PID: 1208) Address: 0xe3651080 Size: -

Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: IDA.EXE (PID: 3120) Address: 0xe35ad818 Size: -

==EOF==

My OTL log with LOP and Purity check enabled, scanned for all, not excluding safelist:

OTL logfile created on: 25/10/2009 12:13:40 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Vijay\MalwareRemove
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.12% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.97 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VGOPAL14
Current User Name: gopalvi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (All) ==========

PRC - [2009/10/24 23:29:02 | 00,472,064 | ---- | M] ( ) -- C:\Vijay\MalwareRemove\RootRepeal.exe
PRC - [2009/10/23 15:48:54 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Vijay\MalwareRemove\OTL.exe
PRC - [2009/09/03 08:23:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/25 04:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/06/05 14:20:10 | 02,973,696 | ---- | M] (O2) -- C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
PRC - [2009/05/05 09:24:40 | 00,864,256 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
PRC - [2009/03/25 18:26:21 | 00,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2009/03/13 14:57:46 | 00,141,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2009/03/13 14:57:34 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2008/11/04 14:46:22 | 00,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2008/10/14 15:02:30 | 00,238,080 | ---- | M] () -- C:\Program Files\HPAVAdminScan\avChgSvc.exe
PRC - [2008/08/12 11:33:42 | 00,176,128 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
PRC - [2008/08/07 14:34:26 | 00,023,040 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPAVAdminScan\hpavAdminScanService.exe
PRC - [2008/07/03 07:28:32 | 00,315,570 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
PRC - [2008/05/13 09:20:56 | 00,198,184 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2008/05/13 09:20:56 | 00,141,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/05/13 09:20:56 | 00,128,552 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2008/05/13 09:20:54 | 00,297,000 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/04/14 00:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 00:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
PRC - [2008/04/14 00:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe
PRC - [2008/04/14 00:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
PRC - [2008/04/14 00:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
PRC - [2008/04/14 00:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
PRC - [2008/04/14 00:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SCardSvr.exe
PRC - [2008/04/14 00:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe
PRC - [2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
PRC - [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/14 00:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
PRC - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/14 00:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
PRC - [2008/04/14 00:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe
PRC - [2008/04/14 00:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe
PRC - [2008/03/28 01:28:00 | 01,040,384 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2007/04/11 19:44:46 | 00,026,624 | ---- | M] (Hewlett Packard) -- C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
PRC - [2007/03/22 16:19:28 | 00,172,205 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
PRC - [2007/03/05 14:54:40 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2007/02/20 12:59:58 | 00,270,510 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
PRC - [2007/02/06 14:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 14:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/10 14:13:06 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/01/05 16:36:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/12/04 16:13:16 | 00,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/05/02 14:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2005/04/27 12:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/07/06 15:45:42 | 00,427,008 | ---- | M] (Mirek Wojtowicz) -- C:\Program Files\MWSnap\MWSnap.exe

========== Win32 Services (All) ==========

SRV - File not found -- -- (magaService [On_Demand | Stopped])
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/25 18:26:21 | 00,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager [Auto | Running])
SRV - [2008/10/14 15:02:30 | 00,238,080 | ---- | M] () -- C:\Program Files\HPAVAdminScan\avChgSvc.exe -- (AvChgSvc [Auto | Running])
SRV - [2008/08/07 14:34:26 | 00,023,040 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPAVAdminScan\hpavAdminScanService.exe -- (HPAVAdminScanSvc [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/07 20:26:58 | 00,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\es.dll -- (EventSystem [On_Demand | Running])
SRV - [2008/07/03 07:28:32 | 00,315,570 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe -- (Radstgms [Auto | Running])
SRV - [2008/06/20 17:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Running])
SRV - [2008/06/19 17:08:44 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Disabled | Stopped])
SRV - [2008/05/19 00:57:42 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [2008/05/13 09:20:56 | 00,198,184 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
SRV - [2008/04/17 04:50:12 | 00,175,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32time.dll -- (W32Time [Auto | Running])
SRV - [2008/04/17 04:50:12 | 00,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll -- (lanmanworkstation [Auto | Running])
SRV - [2008/04/14 00:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
SRV - [2008/04/14 00:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2008/04/14 00:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr [Auto | Running])
SRV - [2008/04/14 00:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe -- (UPS [On_Demand | Stopped])
SRV - [2008/04/14 00:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe -- (HidServ [Disabled | Stopped])
SRV - [2008/04/14 00:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe -- (RDSessMgr [Disabled | Stopped])
SRV - [2008/04/14 00:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2008/04/14 00:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2008/04/14 00:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [Auto | Running])
SRV - [2008/04/14 00:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDEdsdm [Auto | Running])
SRV - [2008/04/14 00:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDE [Auto | Running])
SRV - [2008/04/14 00:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
SRV - [2008/04/14 00:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe -- (mnmsrvc [Disabled | Stopped])
SRV - [2008/04/14 00:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe -- (RpcLocator [Auto | Running])
SRV - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (PolicyAgent [Auto | Running])
SRV - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Running])
SRV - [2008/04/14 00:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (Netlogon [Auto | Running])
SRV - [2008/04/14 00:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe -- (ImapiService [On_Demand | Stopped])
SRV - [2008/04/14 00:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2008/04/14 00:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
SRV - [2008/04/14 00:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2008/04/14 00:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe -- (ClipSrv [On_Demand | Stopped])
SRV - [2008/04/14 00:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
SRV - [2008/04/14 00:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe -- (ALG [On_Demand | Running])
SRV - [2008/04/14 00:12:11 | 00,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Stopped])
SRV - [2008/04/14 00:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov [On_Demand | Stopped])
SRV - [2008/04/14 00:12:11 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll -- (wuauserv [Auto | Running])
SRV - [2008/04/14 00:12:10 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc [Auto | Stopped])
SRV - [2008/04/14 00:12:09 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (winmgmt [Auto | Running])
SRV - [2008/04/14 00:12:08 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc [Auto | Running])
SRV - [2008/04/14 00:12:08 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2008/04/14 00:12:08 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webclnt.dll -- (WebClient [Auto | Running])
SRV - [2008/04/14 00:12:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll -- (HTTPFilter [Auto | Running])
SRV - [2008/04/14 00:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Running])
SRV - [2008/04/14 00:12:07 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [Auto | Running])
SRV - [2008/04/14 00:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Running])
SRV - [2008/04/14 00:12:07 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll -- (lanmanserver [Auto | Running])
SRV - [2008/04/14 00:12:07 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\trkwks.dll -- (TrkWks [Disabled | Stopped])
SRV - [2008/04/14 00:12:07 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [On_Demand | Running])
SRV - [2008/04/14 00:12:05 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule [Auto | Running])
SRV - [2008/04/14 00:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [2008/04/14 00:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [2008/04/14 00:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Stopped])
SRV - [2008/04/14 00:12:05 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sens.dll -- (SENS [Auto | Running])
SRV - [2008/04/14 00:12:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Running])
SRV - [2008/04/14 00:12:04 | 00,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Running])
SRV - [2008/04/14 00:12:04 | 00,399,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch [Auto | Running])
SRV - [2008/04/14 00:12:04 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvc.dll -- (RemoteRegistry [Disabled | Stopped])
SRV - [2008/04/14 00:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll -- (BITS [On_Demand | Stopped])
SRV - [2008/04/14 00:12:03 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll -- (napagent [On_Demand | Stopped])
SRV - [2008/04/14 00:12:03 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasmans.dll -- (RasMan [Auto | Running])
SRV - [2008/04/14 00:12:03 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto [Auto | Running])
SRV - [2008/04/14 00:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/14 00:12:01 | 00,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2008/04/14 00:11:59 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll -- (Messenger [Disabled | Stopped])
SRV - [2008/04/14 00:11:57 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess [Auto | Running])
SRV - [2008/04/14 00:11:56 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll -- (hkmsvc [On_Demand | Stopped])
SRV - [2008/04/14 00:11:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll -- (LmHosts [Auto | Running])
SRV - [2008/04/14 00:11:55 | 00,331,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Running])
SRV - [2008/04/14 00:11:53 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc [Auto | Running])
SRV - [2008/04/14 00:11:52 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll -- (Dot3svc [On_Demand | Stopped])
SRV - [2008/04/14 00:11:52 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [2008/04/14 00:11:52 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost [On_Demand | Stopped])
SRV - [2008/04/14 00:11:52 | 00,023,552 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmserver.dll -- (dmserver [Auto | Running])
SRV - [2008/04/14 00:11:51 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2008/04/14 00:11:51 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [2008/04/14 00:11:50 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browser.dll -- (Browser [Auto | Running])
SRV - [2008/04/14 00:11:50 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv [Auto | Running])
SRV - [2008/04/14 00:11:49 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV - [2008/04/14 00:11:49 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alrsvc.dll -- (Alerter [Disabled | Stopped])
SRV - [2008/04/14 00:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll -- (Wmi [On_Demand | Stopped])
SRV - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2007/09/17 10:58:22 | 00,045,056 | ---- | M] (LANovation) -- C:\WINDOWS\System32\PCTKRNT.SYS -- (PictureTaker [On_Demand | Stopped])
SRV - [2007/08/11 19:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Liveupdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/03/22 16:19:28 | 00,172,205 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe -- (radsched [Auto | Running])
SRV - [2007/02/20 12:59:58 | 00,270,510 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe -- (radexecd [Auto | Running])
SRV - [2007/02/06 14:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
SRV - [2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/12/04 16:13:16 | 00,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI [Auto | Running])
SRV - [2006/10/18 21:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSNSv.dll -- (WmdmPmSN [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFSvc.dll -- (WudfSvc [Auto | Running])
SRV - [2006/05/02 14:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/04/27 12:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2003/07/28 18:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2001/08/23 19:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe -- (RSVP [Disabled | Stopped])

========== Driver Services (All) ==========

DRV - File not found -- -- (WDICA [On_Demand | Stopped])
DRV - File not found -- -- (Simbad [Disabled | Stopped])
DRV - File not found -- -- (rkhdrv40 [On_Demand | Stopped])
DRV - File not found -- -- (PDRFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDRELI [On_Demand | Stopped])
DRV - File not found -- -- (PDFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDCOMP [On_Demand | Stopped])
DRV - File not found -- -- (PCIDump [System | Stopped])
DRV - File not found -- -- (NSNDIS5 [On_Demand | Stopped])
DRV - File not found -- -- (MEMSWEEP2 [On_Demand | Stopped])
DRV - File not found -- -- (lbrtfdc [System | Stopped])
DRV - File not found -- -- (Changer [System | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Stopped])
DRV - File not found -- -- (Atdisk [Disabled | Stopped])
DRV - File not found -- -- (actccid [On_Demand | Stopped])
DRV - File not found -- -- (Abiosdsk [Disabled | Stopped])
DRV - [2009/10/25 09:46:15 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/04/04 19:00:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2009/03/25 18:25:40 | 00,015,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbPrcCtl.sys -- (SbPrcCtl [System | Running])
DRV - [2009/03/25 18:25:06 | 00,006,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock [Boot | Running])
DRV - [2009/03/25 18:25:00 | 00,033,328 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\RsvLock.sys -- (RsvLock [System | Running])
DRV - [2009/03/25 18:24:52 | 00,034,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFlop.sys -- (SbFlop [System | Running])
DRV - [2009/03/25 18:24:36 | 00,103,760 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot [Boot | Running])
DRV - [2009/03/09 08:36:58 | 06,278,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2009/02/02 11:18:43 | 00,010,752 | ---- | M] (F5 Networks) -- C:\WINDOWS\System32\drivers\urfltw2k.sys -- (f5ipfw [On_Demand | Stopped])
DRV - [2009/02/02 11:18:35 | 00,028,288 | ---- | M] (F5 Networks) -- C:\WINDOWS\System32\DRIVERS\urvpndrv.sys -- (urvpndrv [On_Demand | Running])
DRV - [2008/12/11 10:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\srv.sys -- (Srv [On_Demand | Running])
DRV - [2008/10/24 11:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mrxsmb.sys -- (MRxSmb [System | Running])
DRV - [2008/08/29 10:39:32 | 00,039,296 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\System32\DRIVERS\SCR24X2K.sys -- (SCR24X2K [On_Demand | Running])
DRV - [2008/08/28 23:34:30 | 03,632,384 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])
DRV - [2008/08/22 11:07:38 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2008/08/14 10:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
DRV - [2008/08/13 13:51:42 | 00,044,976 | ---- | M] (SafeBoot N.V.) -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SBAlg [Boot | Running])
DRV - [2008/06/20 11:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip.sys -- (Tcpip [System | Running])
DRV - [2008/06/19 17:07:50 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2008/04/28 20:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2008/04/14 00:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [2008/04/14 00:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [2008/04/14 00:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - [2008/04/14 00:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [2008/04/13 19:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rdbss.sys -- (Rdbss [System | Running])
DRV - [2008/04/13 19:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\netbt.sys -- (NetBT [System | Running])
DRV - [2008/04/13 19:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [2008/04/13 19:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2008/04/13 19:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [2008/04/13 19:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [2008/04/13 19:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipsec.sys -- (IPSec [System | Running])
DRV - [2008/04/13 19:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\i8042prt.sys -- (i8042prt [System | Running])
DRV - [2008/04/13 19:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Running])
DRV - [2008/04/13 19:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
DRV - [2008/04/13 19:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Running])
DRV - [2008/04/13 19:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2008/04/13 19:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serial.sys -- (Serial [System | Stopped])
DRV - [2008/04/13 19:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
DRV - [2008/04/13 19:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
DRV - [2008/04/13 19:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
DRV - [2008/04/13 18:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [2008/04/13 18:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [2008/04/13 18:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
DRV - [2008/04/13 18:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [2008/04/13 18:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Running])
DRV - [2008/04/13 18:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipnat.sys -- (IpNat [On_Demand | Running])
DRV - [2008/04/13 18:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
DRV - [2008/04/13 18:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/13 18:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\psched.sys -- (PSched [On_Demand | Running])
DRV - [2008/04/13 18:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msgpc.sys -- (Gpc [On_Demand | Running])
DRV - [2008/04/13 18:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [2008/04/13 18:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Running])
DRV - [2008/04/13 18:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [2008/04/13 18:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP [On_Demand | Running])
DRV - [2008/04/13 18:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
DRV - [2008/04/13 18:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nic1394.sys -- (NIC1394 [On_Demand | Running])
DRV - [2008/04/13 18:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\arp1394.sys -- (Arp1394 [On_Demand | Running])
DRV - [2008/04/13 18:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
DRV - [2008/04/13 18:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394 [Boot | Running])
DRV - [2008/04/13 18:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR [On_Demand | Stopped])
DRV - [2008/04/13 18:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [2008/04/13 18:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
DRV - [2008/04/13 18:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbuhci.sys -- (usbuhci [On_Demand | Running])
DRV - [2008/04/13 18:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\hidusb.sys -- (HidUsb [On_Demand | Stopped])
DRV - [2008/04/13 18:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [2008/04/13 18:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
DRV - [2008/04/13 18:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
DRV - [2008/04/13 18:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
DRV - [2008/04/13 18:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
DRV - [2008/04/13 18:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
DRV - [2008/04/13 18:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio [Boot | Running])
DRV - [2008/04/13 18:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [2008/04/13 18:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp [Disabled | Stopped])
DRV - [2008/04/13 18:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt [System | Running])
DRV - [2008/04/13 18:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
DRV - [2008/04/13 18:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\imapi.sys -- (Imapi [System | Running])
DRV - [2008/04/13 18:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
DRV - [2008/04/13 18:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
DRV - [2008/04/13 18:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk [Boot | Running])
DRV - [2008/04/13 18:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom [System | Running])
DRV - [2008/04/13 18:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde [Disabled | Stopped])
DRV - [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2008/04/13 18:40:29 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde [Disabled | Stopped])
DRV - [2008/04/13 18:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\redbook.sys -- (redbook [System | Running])
DRV - [2008/04/13 18:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fdc.sys -- (Fdc [On_Demand | Stopped])
DRV - [2008/04/13 18:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk [System | Stopped])
DRV - [2008/04/13 18:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serenum.sys -- (serenum [On_Demand | Stopped])
DRV - [2008/04/13 18:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\parport.sys -- (Parport [On_Demand | Running])
DRV - [2008/04/13 18:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [2008/04/13 18:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [2008/04/13 18:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [2008/04/13 18:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [2008/04/13 18:39:48 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mouclass.sys -- (Mouclass [System | Running])
DRV - [2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
DRV - [2008/04/13 18:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\kbdclass.sys -- (Kbdclass [System | Running])
DRV - [2008/04/13 18:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\update.sys -- (Update [On_Demand | Running])
DRV - [2008/04/13 18:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - [2008/04/13 18:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr [Boot | Running])
DRV - [2008/04/13 18:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [2008/04/13 18:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI [Boot | Running])
DRV - [2008/04/13 18:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia [Boot | Running])
DRV - [2008/04/13 18:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp [Boot | Running])
DRV - [2008/04/13 18:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp [Disabled | Stopped])
DRV - [2008/04/13 18:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ [Disabled | Stopped])
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/04/13 18:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541 [Disabled | Stopped])
DRV - [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440 [Disabled | Stopped])
DRV - [2008/04/13 18:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wmiacpi.sys -- (WmiAcpi [System | Running])
DRV - [2008/04/13 18:36:37 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV - [2008/04/13 18:36:37 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt [Boot | Running])
DRV - [2008/04/13 18:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI [Boot | Running])
DRV - [2008/04/13 18:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
DRV - [2008/04/13 18:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
DRV - [2008/04/13 18:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rdpdr.sys -- (rdpdr [On_Demand | Running])
DRV - [2008/04/13 18:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mrxdav.sys -- (MRxDAV [On_Demand | Running])
DRV - [2008/04/13 18:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [2008/04/13 18:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [2008/04/13 18:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
DRV - [2008/04/13 18:31:43 | 00,092,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - [2008/04/13 18:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
DRV - [2008/04/13 17:45:40 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [2008/04/13 17:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbscan.sys -- (usbscan [On_Demand | Stopped])
DRV - [2008/04/13 16:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys -- (aec [On_Demand | Stopped])
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/03/29 16:36:28 | 00,125,328 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2008/03/28 01:14:00 | 00,224,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/03/21 16:13:00 | 01,203,776 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/01 18:27:40 | 00,281,600 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2007/09/17 11:24:18 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/08/03 09:31:00 | 00,023,424 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\DRIVERS\radiamsi.sys -- (RadiaMsi [On_Demand | Running])
DRV - [2007/07/13 15:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2007/06/29 09:25:12 | 00,033,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\TsWlan.sys -- (TSWLAN [On_Demand | Running])
DRV - [2007/06/26 22:06:42 | 00,041,672 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\System32\DRIVERS\S241PCMC.sys -- (SCR241 PCMCIA Smart Card Reader [On_Demand | Stopped])
DRV - [2007/06/26 22:06:42 | 00,013,647 | ---- | M] (ActivIdentity) -- C:\WINDOWS\System32\DRIVERS\aksbus.sys -- (aksbus [On_Demand | Running])
DRV - [2007/06/26 22:06:42 | 00,013,619 | ---- | M] (ActivCard) -- C:\WINDOWS\System32\DRIVERS\akbus.sys -- (akbus [On_Demand | Running])
DRV - [2007/06/26 22:06:42 | 00,009,493 | ---- | M] (ActivCard) -- C:\WINDOWS\System32\DRIVERS\akpcsc.sys -- (akpcsc [On_Demand | Running])
DRV - [2007/06/25 07:04:10 | 00,010,193 | ---- | M] (ActivIdentity) -- C:\WINDOWS\System32\DRIVERS\akspcsc.sys -- (akspcsc [On_Demand | Running])
DRV - [2007/04/26 12:03:02 | 00,026,137 | ---- | M] (Nortel Networks) -- C:\WINDOWS\System32\DRIVERS\eacfilt.sys -- (Eacfilt [On_Demand | Running])
DRV - [2007/04/26 12:02:44 | 00,155,152 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECSHM [On_Demand | Running])
DRV - [2007/04/26 12:02:44 | 00,155,152 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys -- (IPSECEXT [On_Demand | Stopped])
DRV - [2007/03/01 15:13:06 | 02,203,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Stopped])
DRV - [2007/02/27 09:21:00 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007/02/14 20:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2007/02/14 20:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2007/02/14 20:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2007/02/12 13:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2006/11/30 10:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2006/10/17 10:59:06 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2006/10/17 10:57:58 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wudfrd.sys -- (WudfRd [On_Demand | Stopped])
DRV - [2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf [Boot | Running])
DRV - [2006/09/19 16:58:58 | 00,036,608 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS -- (IFXTPM [On_Demand | Running])
DRV - [2006/05/25 15:28:18 | 00,121,216 | R--- | M] (AuthenTec, Inc.) -- C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV [On_Demand | Running])
DRV - [2005/11/01 12:00:46 | 00,092,288 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi [Disabled | Stopped])
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2004/06/26 12:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Stopped])
DRV - [2001/08/23 19:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - [2001/08/23 19:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
DRV - [2001/08/23 19:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
DRV - [2001/08/23 19:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/23 19:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspti.sys -- (Raspti [On_Demand | Running])
DRV - [2001/08/23 19:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
DRV - [2001/08/23 19:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC [Boot | Running])
DRV - [2001/08/23 19:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [2001/08/23 19:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Disabled | Stopped])
DRV - [2001/08/23 19:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload [Boot | Running])
DRV - [2001/08/23 19:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [2001/08/23 19:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
DRV - [2001/08/23 19:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2001/08/23 19:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
DRV - [2001/08/17 13:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\audstub.sys -- (audstub [On_Demand | Running])
DRV - [2001/08/17 12:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
DRV - [2001/08/17 12:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Stopped])
DRV - [2001/08/17 12:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o [Disabled | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2 [Disabled | Stopped])
DRV - [2001/08/17 12:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2001/08/17 11:52:50 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk [Boot | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240 [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt [Disabled | Stopped])
DRV - [2001/08/17 11:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt [Disabled | Stopped])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 11:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u [Disabled | Stopped])
DRV - [2001/08/17 11:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
DRV - [2001/08/17 11:52:08 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf [Disabled | Stopped])
DRV - [2001/08/17 11:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray [Disabled | Stopped])
DRV - [2001/08/17 11:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt [Disabled | Stopped])
DRV - [2001/08/17 11:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p [Disabled | Stopped])
DRV - [2001/08/17 11:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint [Disabled | Stopped])
DRV - [2001/08/17 11:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2001/08/17 11:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde [Disabled | Stopped])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])

========== Modules (All) ==========

MOD - [2009/10/23 15:48:54 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Vijay\MalwareRemove\OTL.exe
MOD - [2008/10/23 12:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\GDI32.dll
MOD - [2008/04/14 05:42:06 | 00,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SETUPAPI.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:45 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
MOD - [2008/04/14 00:12:09 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmm.dll
MOD - [2008/04/14 00:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WLDAP32.dll
MOD - [2008/04/14 00:12:08 | 00,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\USERENV.dll
MOD - [2008/04/14 00:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
MOD - [2008/04/14 00:12:08 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
MOD - [2008/04/14 00:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll
MOD - [2008/04/14 00:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll
MOD - [2008/04/14 00:12:05 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SHLWAPI.dll
MOD - [2008/04/14 00:12:05 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Secur32.dll
MOD - [2008/04/14 00:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\RPCRT4.dll
MOD - [2008/04/14 00:12:04 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SAMLIB.dll
MOD - [2008/04/14 00:12:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PSAPI.dll
MOD - [2008/04/14 00:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
MOD - [2008/04/14 00:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
MOD - [2008/04/14 00:12:02 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NTMARTA.DLL
MOD - [2008/04/14 00:12:02 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\olepro32.dll
MOD - [2008/04/14 00:12:01 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
MOD - [2008/04/14 00:11:59 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msimg32.dll
MOD - [2008/04/14 00:11:58 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCTF.dll
MOD - [2008/04/14 00:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
MOD - [2008/04/14 00:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IMM32.DLL
MOD - [2008/04/14 00:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ADVAPI32.dll
MOD - [2008/04/14 00:11:24 | 00,706,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
MOD - [2008/04/14 00:10:06 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime.ime
MOD - [2007/02/06 14:19:44 | 00,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\btmmhook.dll
MOD - [2007/02/06 14:16:06 | 00,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://inline.compaq...tp/ie/addon.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1957994488-842925246-40105171-945270\S-1-5-21-1957994488-842925246-40105171-945270\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.autoconfig_url: "http://autocache.hp.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/02 09:55:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/09 20:56:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/16 17:03:29 | 00,000,000 | ---D | M]

[2008/11/15 04:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Extensions
[2008/10/15 18:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/11/15 04:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Extensions\[email protected]
[2009/10/16 13:50:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions
[2009/09/03 08:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/09 21:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/09/03 08:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/18 09:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/02 15:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/02/28 20:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\mozilla\Firefox\Profiles\8qpv0bz4.default\extensions\[email protected]
[2009/10/08 21:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/03 08:23:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 19:34:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/26 23:09:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/16 18:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/03 08:22:59 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/03 08:22:59 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/16 17:42:36 | 00,013,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
[2008/08/16 17:42:02 | 00,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 00,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 00,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/08/16 17:43:00 | 00,206,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
[2008/08/16 17:42:10 | 00,031,032 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icafile.dll
[2008/08/16 17:42:32 | 00,040,248 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icalogon.dll
[2008/05/21 08:41:08 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/08/16 17:44:46 | 00,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/02/06 11:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/03 08:23:09 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 17:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/09 20:56:08 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/06/05 13:58:54 | 00,648,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
[2008/08/16 17:42:04 | 00,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2009/09/03 08:23:13 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/09/03 08:23:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/03 08:23:13 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/09/03 08:23:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/03 08:23:13 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/09/03 08:23:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/03 08:23:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/03 08:23:13 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Plugin Class) - {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\program files\sap\sap tutor\free_playerie.dll (SAP AG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COEMsgDisplay] c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe (Hewlett Packard)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GetITIcon] C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IDA] c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [PDF4 Registry Controller] c:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-1957994488-842925246-40105171-945270..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-842925246-40105171-945270..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-842925246-40105171-945270..\Run: [MWSnap] C:\Program Files\MWSnap\MWSnap.exe (Mirek Wojtowicz)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Private system. Authorization required.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This is a private system, explicit authorization from the system owner is required for access or use. Unauthorized access or use may result in severe civil and/or criminal liability, including without limitation under 18 USC Sections 1030 et seq. All rights whatsoever are reserved.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableNT4Policy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270_Classes\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1957994488-842925246-40105171-945270_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - c:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe (Hewlett-Packard Company)
O9 - Extra 'Tools' menuitem : Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe (Hewlett-Packard Company)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: compaq.co.jp ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com ([ie.config.asia] http in Trusted sites)
O15 - HKLM\..Trusted Domains: compaq.com ([ie.config.eur] http in Trusted sites)
O15 - HKLM\..Trusted Domains: compaq.com ([ie.config.im.hou] http in Trusted sites)
O15 - HKLM\..Trusted Domains: compaq.com ([ie.config.jp] http in Trusted sites)
O15 - HKLM\..Trusted Domains: compaq.com.ar ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.br ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.cl ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.co ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.mx ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.sg ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: compaq.com.ve ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: cpqcorp.net ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: dec.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: dec.com ([ie.config.ecom] http in Trusted sites)
O15 - HKLM\..Trusted Domains: digital.co.uk ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: digital.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: hp.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: microcom.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: tandem.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: tandem.com ([ie.config] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.co.jp ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([ie.config.asia] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([ie.config.eur] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([ie.config.im.hou] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com ([ie.config.jp] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.ar ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.br ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.cl ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.co ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.mx ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.sg ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: compaq.com.ve ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: cpqcorp.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: dcu.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: dcu.org ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: dec.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: dec.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: dec.com ([ie.config.ecom] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: digital.co.uk ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: digital.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hp.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hpe-learning.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hpe-learning.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hpqcorp.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: hpshopping.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: microcom.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: tandem.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: tandem.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-842925246-40105171-945270\..Trusted Domains: tandem.com ([ie.config] http in Trusted sites)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall33.cab (HPVirtualRooms33 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://accesssnn.an...,2009,0202,1116 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://accesssnn.an...,2008,1015,1909 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://accesssnn.an...,2008,1015,1912 (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://accesssnn.an...,2008,1015,1905 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1189776183175 (WUWebControl Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://accesssnn.an...,2009,0312,0403 (F5 Networks SSLTunnel)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://accesssnn.an...,2009,0202,1112 (F5 Virtual Sandbox Class)
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} https://digitalbadge...om/hp/HPPKI.cab (HPPKI Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://digitalbadge.../hp/capicom.cab (Settings Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://accesssnn.an...,2009,0217,2007 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://india.webex....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://accesssnn.an...,2009,0312,0410 (F5 Networks Host Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://emea.webacce...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://accesssnn.an...,2009,0227,2050 (F5 Networks OS Policy Agent)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Program) - File not found
O20 - HKLM Winlogon: GinaDLL - (Files\McAfee\Endpoint) - File not found
O20 - HKLM Winlogon: GinaDLL - (Encryption) - File not found
O20 - HKLM Winlogon: GinaDLL - (for) - File not found
O20 - HKLM Winlogon: GinaDLL - (PC\SBGINA.DLL) - File not found
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\System32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/26 10:45:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 20:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/09 20:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/23 14:52:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/08 21:30:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/23 14:53:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\gopalvi\Application Data\Malwarebytes
[2009/10/09 20:55:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\Apple
[2009/10/09 20:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\Apple Computer
[2009/10/20 11:50:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ActivIdentity
[2009/10/09 20:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/25 12:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/20 11:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\ActivIdentity
[2009/10/09 20:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/25 11:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/25 11:45:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/02 09:53:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/25 12:41:46 | 00,000,000 | ---D | C] -- C:\Program Files\NinjaTrader 6.5
[2009/10/09 20:55:52 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/02 09:53:33 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/02 10:05:46 | 00,000,000 | ---D | C] -- C:\Program Files\TurTrade
[2009/10/25 11:45:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/25 11:45:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/25 11:08:25 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/10/25 09:48:54 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/25 00:43:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/25 00:38:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/25 00:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/05 11:30:28 | 00,000,000 | ---D | C] -- C:\Print
[2009/10/02 09:53:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/02 09:52:28 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/02 09:52:28 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/02 09:52:28 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/02 09:52:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/10/02 09:52:28 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/02 09:52:28 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/02 09:52:28 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/02 09:52:27 | 00,000,000 | ---D | C] -- C:\b114173d94e1744163c8
[2009/10/02 09:51:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/09/25 12:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\gopalvi\My Documents\NinjaTrader Backup
[2009/09/25 12:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\gopalvi\My Documents\NinjaTrader 6.5
[2009/04/04 19:00:01 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.sys
[2008/06/24 10:59:44 | 03,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2008/06/24 10:59:43 | 00,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2008/06/24 10:59:43 | 00,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2008/06/24 10:59:43 | 00,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx

========== Files - Modified Within 30 Days ==========

[2009/10/25 12:06:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2009/10/25 11:40:15 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\gopalvi\Desktop\NTREGOPT.lnk
[2009/10/25 11:40:15 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\gopalvi\Desktop\ERUNT.lnk
[2009/10/25 11:39:29 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 11:39:29 | 00,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 11:39:29 | 00,072,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/25 11:36:51 | 00,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/10/25 11:36:48 | 00,000,380 | -H-- | M] () -- C:\WINDOWS\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2009/10/25 11:36:48 | 00,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2009/10/25 11:36:48 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2009/10/25 11:36:47 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2009/10/25 11:36:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/25 11:33:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/25 11:33:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 11:33:52 | 21,383,61856 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/25 09:46:15 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/10/25 00:48:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/25 00:48:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/25 00:25:55 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.sys
[2009/10/25 00:25:55 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.cat
[2009/10/25 00:25:55 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.inf
[2009/10/23 13:47:00 | 00,001,458 | ---- | M] () -- C:\Documents and Settings\gopalvi\Desktop\Remote Access to HP Network 5.0.lnk
[2009/10/23 13:46:09 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\gopalvi\Desktop\Tutorial - Remote Access to HP.pdf.lnk
[2009/10/23 13:38:44 | 00,005,462 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/10/21 08:48:06 | 00,003,858 | ---- | M] () -- C:\ZMASTER.ZLOGDRVZMASTER.ZLOGDIRhistory.csv
[2009/10/20 12:15:20 | 00,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2009/10/20 11:51:38 | 00,086,093 | ---- | M] (ActivIdentity) -- C:\WINDOWS\System32\akspg.dll
[2009/10/20 11:51:37 | 00,086,097 | ---- | M] (ActivCard) -- C:\WINDOWS\System32\akpg.dll
[2009/10/20 11:51:37 | 00,073,811 | ---- | M] (ActivCard) -- C:\WINDOWS\System32\akins.dll
[2009/10/20 11:51:37 | 00,073,807 | ---- | M] (ActivIdentity) -- C:\WINDOWS\System32\aksins.dll
[2009/10/18 21:46:09 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 16:38:51 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\gopalvi\Desktop\Desktop Cleanup.lnk
[2009/10/15 14:55:02 | 00,001,898 | -H-- | M] () -- C:\Documents and Settings\gopalvi\My Documents\Default.rdp
[2009/10/02 10:01:28 | 00,054,528 | ---- | M] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/02 09:58:10 | 00,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/28 10:14:17 | 00,118,643 | ---- | M] () -- C:\EFD SPDD SPAU.zip

========== Files - No Company Name ==========
[2009/10/25 11:40:15 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\NTREGOPT.lnk
[2009/10/25 11:40:15 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\ERUNT.lnk
[2009/10/25 00:48:52 | 00,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2009/10/25 00:48:52 | 00,000,336 | -H-- | C] () -- C:\WINDOWS\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2009/10/25 00:48:51 | 00,000,380 | -H-- | C] () -- C:\WINDOWS\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2009/10/25 00:48:49 | 00,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2009/10/25 00:48:47 | 00,000,264 | -H-- | C] () -- C:\WINDOWS\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2009/10/23 13:47:00 | 00,001,458 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\Remote Access to HP Network 5.0.lnk
[2009/10/23 13:46:09 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\Tutorial - Remote Access to HP.pdf.lnk
[2009/10/23 10:25:10 | 00,001,828 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\SMB-RA.RDP
[2009/10/20 11:50:26 | 00,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2009/10/16 16:38:17 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\gopalvi\Desktop\Desktop Cleanup.lnk
[2009/09/28 10:16:37 | 00,118,643 | ---- | C] () -- C:\EFD SPDD SPAU.zip
[2009/09/08 05:41:30 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2009/08/10 12:00:36 | 00,000,048 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
[2009/07/31 09:53:48 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\winscp.rnd
[2009/04/13 16:14:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/04 19:01:38 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\vso_ts_preview.xml
[2009/04/04 19:00:06 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.log
[2009/04/04 19:00:01 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.cat
[2009/04/04 19:00:01 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\pcouffin.inf
[2009/04/03 08:40:23 | 00,005,462 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/31 13:40:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\FnF4.txt
[2009/01/24 20:35:22 | 00,063,986 | ---- | C] () -- C:\WINDOWS\System32\winrsrcb.dll
[2009/01/24 20:35:22 | 00,063,986 | ---- | C] () -- C:\WINDOWS\System32\Winrinnt.dll
[2008/10/24 23:14:32 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 00:32:23 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/14 10:45:00 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\PUTTY.RND
[2008/07/08 12:17:45 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\gopalvi\Application Data\$_hpcst$.hpc
[2008/06/24 13:49:00 | 00,001,728 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008/06/24 10:59:43 | 01,129,984 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2008/06/24 10:59:43 | 01,124,864 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2008/06/24 10:58:32 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2008/06/24 10:58:32 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2008/06/24 10:58:32 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2008/06/24 10:58:32 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2008/06/24 10:58:32 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2008/06/24 10:58:30 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2008/06/24 10:01:25 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\PUTTY.RND
[2008/06/24 09:18:02 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\fusioncache.dat
[2008/06/19 17:08:52 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/06 10:38:25 | 00,826,268 | -H-- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\IconCache.db
[2008/06/06 10:12:32 | 00,054,528 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/06 10:12:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\QSwitch.txt
[2008/06/06 10:12:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\DSwitch.txt
[2008/06/06 10:12:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\gopalvi\Local Settings\Application Data\AtStart.txt
[2008/06/06 10:11:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\gopalvi\Application Data\desktop.ini
[2008/06/06 10:04:08 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/06 10:04:08 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/06 10:04:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/06 10:04:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/06 10:04:08 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/06 10:04:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/13 09:20:56 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\aicext.dll
[2008/01/14 15:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/10/02 20:45:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/17 11:06:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/14 13:45:46 | 00,000,041 | ---- | C] () -- C:\WINDOWS\CSERVE.INI
[2007/06/29 09:25:12 | 00,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2007/04/17 09:33:15 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/04/17 09:33:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/02/06 14:20:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 13:55:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/26 11:39:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/01/26 10:49:51 | 00,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2005/02/17 10:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/10/26 19:30:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 23:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 19:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 00:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,000,281 | ---- | C] () -- C:\WINDOWS\System32\BOOTBAK.INI
[1980/01/01 00:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/23 14:52:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/17 20:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/09/11 09:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/03/13 20:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2009/04/13 20:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/04/13 20:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2008/12/08 09:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/15 04:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/04/04 19:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/20 12:07:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2007/01/26 11:39:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/10/25 00:43:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\gopalvi\Application Data
[2009/04/04 19:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\dvdcss
[2009/09/11 07:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Free Download Manager
[2008/12/23 18:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\ICAClient
[2008/06/24 08:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Jabber Messenger
[2008/06/18 09:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Juniper Networks
[2009/03/03 14:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Leadertech
[2008/08/16 07:45:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\messages
[2008/10/20 15:14:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\ScanSoft
[2009/06/09 15:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Tatara Systems
[2009/03/21 13:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\TeamViewer
[2008/11/15 04:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\TomTom
[2009/07/30 10:34:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\UltraVNC
[2009/10/25 00:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Vso
[2008/08/17 08:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\webex
[2008/12/23 09:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Windows Search
[2008/10/20 13:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\gopalvi\Application Data\Zeon
[2008/11/20 13:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/01/26 10:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/04/04 22:22:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Vijay\Application Data
[2009/04/04 22:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vijay\Application Data\Zeon
[2001/08/23 19:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/25 11:36:48 | 00,000,380 | -H-- | M] () -- C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2009/10/25 11:36:48 | 00,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2009/10/25 11:36:48 | 00,000,336 | -H-- | M] () -- C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2009/10/25 12:06:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2009/10/25 11:36:47 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2009/10/25 11:33:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


Many Thanks.