Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ran Hitmanpro to remove google redirect virus and computer doesnt star

Started by pavithrasan , Jul 30 2011 12:02 AM

  • This topic is locked This topic is locked

#1
pavithrasan
Posted 30 July 2011 - 12:02 AM

pavithrasan

    Member

  • Member
  • PipPip
  • 20 posts
I have a Dell Inspiron 1545 with windows 7 .I recently had the google redirect virus affect it and so just after some google searching from a different machine,ran TDSKiller ,malwarebytes to try to remove it but it didnt detect the virus.So ran hitman pro and it detected rootkit and asked me to reboot to remove it. Once i rebooted the system,my laptop hasnot been able to boot eversince.
I have tried restoring to earlier points,logging in safe mode,logging in last known good configuration,trying fixmbr at command prompt .But none has fixed the problem so far.I am still not able to boot and am stopped at the repair screen each time. Only option I have not tried is restoring to factory image just for the fear that virus could affect that too just like it corrupted the restore points.Please advice me as how to proceed.I dont have any recovery cds or windows 7 installation discs.It would be great if I can get all my data back .But I would still be pleased if i am atleast able to boot up into a workable machine.Thank you for all your help.Please guide me as i see that the other threads related to this topic have been closed before any solution has been found.Thanks.
  • 0

Advertisements

#2
JSntgRvr
Posted 30 July 2011 - 07:27 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, pavithrasan :unsure:

:)

Lets give this a try throughout an External Environment, which simply means you will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe.The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      winlogon.exe
      volsnap.sys
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
pavithrasan
Posted 30 July 2011 - 05:28 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks for responding.Sorry about the late reply.Was away and didnt get to check my mail.On clicking the OLTPE icon,it asks me to choose a directory. It either responds 'windows installation not found' or on choosing any drive responds 'Target is not windows 2000 or later'.Please help me as how to proceed.Thanks.
  • 0

#4
JSntgRvr
Posted 30 July 2011 - 06:01 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Which drive appears to be your Local Drive? Are you able to see your files and folders in the hard drive while browsing? In which drive they appear to be?
  • 0

#5
pavithrasan
Posted 30 July 2011 - 07:29 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
In my laptop I used to have just a C Drive. But on clicking OTLPE,my folders seem to be listed under OS(E:). Other drives shown are Recovery(C:),Ramdisc(B:),ReatogoPE(X:),Removable(D:). My folders are under E:
  • 0

#6
JSntgRvr
Posted 30 July 2011 - 09:16 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Click on OTLPE. When asked for a directory, choose E:\Windows. Let me know if accepted.
  • 0

#7
pavithrasan
Posted 30 July 2011 - 09:42 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you so much for the prompt replies.I am just running the scan as suggested by you.shall post it soon. But it didnot prompt me if i wanted to load remote registry.I dont know if that could be an issue.Shall soon post the log.
  • 0

#8
pavithrasan
Posted 30 July 2011 - 09:53 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have attached the otl.txt file. But it didnot ask me if i wanted to load remote registry.Thanks

Attached Files

  • Attached File  OTL.Txt   152.88KB   300 downloads

  • 0

#9
pavithrasan
Posted 30 July 2011 - 09:57 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL.txt contents:

OTL logfile created on: 8/1/2011 3:40:56 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 14.65 Gb Total Space | 8.57 Gb Free Space | 58.50% Space Free | Partition Type: NTFS
Drive E: | 218.20 Gb Total Space | 185.63 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.17 Gb Free Space | 62.53% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto] -- E:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto] -- E:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/18 10:08:44 | 000,155,456 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/06/16 20:29:18 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- E:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/12/06 15:41:33 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- E:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- E:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [On_Demand] -- E:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (All) ==========

DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 21:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 21:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 21:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2009/07/13 21:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 21:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\agp440.sys -- (agp440)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2009/07/13 21:48:27 | 000,224,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2009/07/13 21:48:27 | 000,155,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\mpio.sys -- (mpio)
DRV:64bit: - [2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 21:48:27 | 000,140,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\msdsm.sys -- (msdsm)
DRV:64bit: - [2009/07/13 21:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2009/07/13 21:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 21:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 21:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 21:48:27 | 000,030,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\msahci.sys -- (msahci)
DRV:64bit: - [2009/07/13 21:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 21:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV:64bit: - [2009/07/13 21:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 21:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 21:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 21:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 21:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 21:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 21:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\System32\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 21:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV:64bit: - [2009/07/13 21:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 21:47:47 | 000,290,368 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\System32\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2009/07/13 21:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/13 21:45:55 | 000,363,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 21:45:55 | 000,071,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\uliagpkx.sys -- (uliagpkx)
DRV:64bit: - [2009/07/13 21:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV:64bit: - [2009/07/13 21:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 21:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 21:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 21:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 21:45:46 | 000,075,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2009/07/13 21:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 21:45:45 | 000,183,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\pci.sys -- (pci)
DRV:64bit: - [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 21:45:45 | 000,104,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 21:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 21:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 21:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\WINDOWS\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:41 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 20:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 20:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 20:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2009/07/13 20:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2009/07/13 20:10:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2009/07/13 20:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 20:10:13 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2009/07/13 20:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 20:10:12 | 000,130,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 20:10:04 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2009/07/13 20:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 20:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 20:09:49 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\WINDOWS\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2009/07/13 20:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 20:09:42 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2009/07/13 20:09:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2009/07/13 20:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\System32\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:09:25 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2009/07/13 20:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 20:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 20:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\WINDOWS\System32\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 20:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\WINDOWS\System32\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 20:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:09 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 20:06:56 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2009/07/13 20:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 20:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:45 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2009/07/13 20:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV:64bit: - [2009/07/13 20:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2009/07/13 20:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 20:06:30 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2009/07/13 20:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci)
DRV:64bit: - [2009/07/13 20:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 20:06:22 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\hidusb.sys -- (HidUsb)
DRV:64bit: - [2009/07/13 20:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 20:06:13 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 20:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 20:01:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2009/07/13 20:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 20:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 20:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 20:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 20:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 20:00:20 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2009/07/13 20:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 20:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 20:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 20:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 20:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 20:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 20:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:47:45 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2009/07/13 19:38:58 | 000,974,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2009/07/13 19:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 19:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- E:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 19:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 19:25:13 | 000,465,408 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\srv.sys -- (srv)
DRV:64bit: - [2009/07/13 19:25:04 | 000,407,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2009/07/13 19:24:59 | 000,162,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2009/07/13 19:24:10 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\System32\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2009/07/13 19:24:08 | 000,285,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2009/07/13 19:24:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2009/07/13 19:24:00 | 000,157,184 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2009/07/13 19:23:57 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2009/07/13 19:23:50 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2009/07/13 19:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\System32\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2009/07/13 19:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\System32\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009/07/13 19:22:20 | 000,751,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\http.sys -- (HTTP)
DRV:64bit: - [2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\Windows\system32\drivers\afd.sys -- (AFD)
DRV:64bit: - [2009/07/13 19:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2009/07/13 19:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 19:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2009/07/13 19:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\System32\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 19:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 19:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\processr.sys -- (Processor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/18 10:15:16 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/18 10:08:50 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 16:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 16:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\WINDOWS\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- E:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\WINDOWS\System32\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 23:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/09 14:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System] -- E:\WINDOWS\System32\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- E:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Administrator_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\Administrator_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\Administrator_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\NetworkService_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)


FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\WINDOWS\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] E:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] E:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] E:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LoJackForLaptops] E:\Program Files (x86)\LFLInstall\LoJackFactoryManager.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] E:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] E:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - Startup: E:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\WINDOWS\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - E:\Windows\System32\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - E:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - E:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 09:05:37 | 000,000,000 | ---D | C] -- E:\Emergency
[2011/07/29 08:49:46 | 000,000,000 | ---D | C] -- E:\Windows\SMINST

========== Files - Modified Within 30 Days ==========

[2011/07/30 22:52:34 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2011/07/29 09:06:02 | 000,000,452 | ---- | M] () -- E:\Users\Public\Desktop\Emergency Backup.lnk

========== Files Created - No Company Name ==========

[2011/07/29 09:06:02 | 000,000,452 | ---- | C] () -- E:\Users\Public\Desktop\Emergency Backup.lnk
[2009/12/06 17:13:33 | 000,982,220 | ---- | C] () -- E:\Windows\SysWow64\igkrng500.bin
[2009/12/06 17:13:32 | 000,134,592 | ---- | C] () -- E:\Windows\SysWow64\igfcg500.bin
[2009/12/06 17:13:32 | 000,092,216 | ---- | C] () -- E:\Windows\SysWow64\igfcg500m.bin
[2009/12/06 17:13:31 | 000,433,024 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng500.bin
[2009/12/06 16:08:46 | 000,002,154 | ---- | C] () -- E:\Users\Administrator\AppData\Roaming\install.dat
[2009/12/06 15:58:01 | 000,000,075 | RHS- | C] () -- E:\Windows\CT4CET.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2009/12/06 15:49:24 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/12/06 15:49:27 | 000,000,000 | ---D | M] -- E:\ProgramData\SupportSoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2009/12/06 16:00:26 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2009/12/06 15:47:07 | 000,000,000 | ---D | M] -- E:\ProgramData\WildTangent
[2009/07/14 01:08:49 | 000,001,616 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\WINDOWS\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\WINDOWS\SysWOW64\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\WINDOWS\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Drivers\storage\R228436\f6flpy64\IaStor.sys
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Windows\System32\drivers\iaStor.sys
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- E:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\WINDOWS\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- E:\Windows\System32\ntoskrnl.exe
[2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- E:\WINDOWS\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- E:\WINDOWS\SysWOW64\ntoskrnl.exe
[2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- E:\WINDOWS\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\WINDOWS\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\WINDOWS\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: UXTHEME.DLL >
[2009/07/13 21:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- E:\WINDOWS\SysWOW64\uxtheme.dll
[2009/07/13 21:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- E:\WINDOWS\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll
[2009/07/13 21:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- E:\Windows\System32\uxtheme.dll
[2009/07/13 21:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- E:\WINDOWS\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- E:\Windows\System32\drivers\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- E:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- E:\WINDOWS\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\System32\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/12/06 17:21:03 | 000,003,521 | RH-- | M] () -- E:\dell.sdr
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- E:\msdia80.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
< End of report >
  • 0

#10
JSntgRvr
Posted 30 July 2011 - 11:34 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I believe there are critical files missing, especially the bootmgr file. Lets take a look at the contents of the E: drive.

Download the enclosed file.
Save and extract its contents in the USB drive. Insert the USB drive back in the sick computer and boot to Reatogo (OTLPE CD). Once on the desktop, browse to the USB. Open the query folder and doubleclick on the Query.bat file. A report text file will be produced (Report.txt). Post the contents of that report in your next reply.

Is there a way you can get your hands on a Windows 7 Repair CD?
  • 0

Advertisements

#11
pavithrasan
Posted 31 July 2011 - 07:20 AM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am posting the contents of the report file from Query.bat .I am trying to download a windows 7 repair cd from neosmart technology.Will let u know once the repair cd is downloaded and ready.Will that work?



Volume in drive E is OS
Volume Serial Number is EC03-B18E

Directory of E:\

12/06/2009 05:21 PM 3,521 dell.sdr
12/02/2006 01:37 AM 904,704 msdia80.dll
08/01/2011 03:49 AM 156,544 OTL.Txt
3 File(s) 1,064,769 bytes
0 Dir(s) 199,321,989,120 bytes free
Volume in drive E is OS
Volume Serial Number is EC03-B18E

Directory of E:\

12/06/2009 05:21 PM <DIR> backup
12/06/2009 04:08 PM <DIR> dell
07/14/2009 01:08 AM <JUNCTION> Documents and Settings
10/29/2009 09:20 AM <DIR> Drivers
07/30/2011 02:03 PM <DIR> Emergency
12/06/2009 05:12 PM <DIR> hotfix
12/06/2009 03:39 PM <DIR> Intel
12/06/2009 03:49 PM <DIR> MSOCache
07/13/2009 11:20 PM <DIR> PerfLogs
12/06/2009 04:02 PM <DIR> Program Files
12/06/2009 04:02 PM <DIR> Program Files (x86)
12/06/2009 04:02 PM <DIR> ProgramData
07/30/2011 02:06 PM <DIR> System Volume Information
07/14/2009 01:08 AM <DIR> Users
12/06/2009 03:58 PM <DIR> WINDOWS
0 File(s) 0 bytes
15 Dir(s) 199,321,989,120 bytes free
Volume in drive E is OS
Volume Serial Number is EC03-B18E

Directory of E:\WINDOWS\Boot\PCAT

07/13/2009 09:38 PM 383,562 bootmgr
1 File(s) 383,562 bytes

Directory of E:\WINDOWS\winsxs\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_6.1.7600.16385_none_c30008a71484187b

07/13/2009 09:38 PM 383,562 bootmgr
1 File(s) 383,562 bytes

Total Files Listed:
2 File(s) 767,124 bytes
0 Dir(s) 199,321,989,120 bytes free
  • 0

#12
JSntgRvr
Posted 31 July 2011 - 09:30 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
The Boot Configuration Data files and folders are missing. You will need a Windows 7 DVD in order to repair the boot process. I don't know if the repair CD may be enough.

Download the enclosed file.
Save and extract its contents in the USB drive. Insert the USB drive back in the sick computer and boot to Reatogo (OTLPE CD). Once on the desktop, browse to the USB. Open the query_2 folder and doubleclick on the Query_2.bat file. A report text file will be produced (Report.txt). Post the contents of that report in your next reply.
  • 0

#13
pavithrasan
Posted 31 July 2011 - 09:51 AM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did burn a windows 7 recovery dvd.But I dont have a windows 7 installation dvd.Is there a way to fix the problem?
Query2 report contents

Volume in drive E is OS
Volume Serial Number is EC03-B18E

Directory of E:\WINDOWS\Boot\PCAT

07/13/2009 11:20 PM <DIR> .
07/13/2009 11:20 PM <DIR> ..
07/13/2009 09:38 PM 383,562 bootmgr
07/13/2009 11:20 PM <DIR> cs-CZ
07/13/2009 11:20 PM <DIR> da-DK
07/13/2009 11:20 PM <DIR> de-DE
07/13/2009 11:20 PM <DIR> el-GR
07/14/2009 01:37 AM <DIR> en-US
07/13/2009 11:20 PM <DIR> es-ES
07/13/2009 11:20 PM <DIR> fi-FI
07/13/2009 11:20 PM <DIR> fr-FR
07/13/2009 11:20 PM <DIR> hu-HU
07/13/2009 11:20 PM <DIR> it-IT
07/13/2009 11:20 PM <DIR> ja-JP
07/13/2009 11:20 PM <DIR> ko-KR
07/13/2009 09:20 PM 485,440 memtest.exe
07/13/2009 11:20 PM <DIR> nb-NO
07/13/2009 11:20 PM <DIR> nl-NL
07/13/2009 11:20 PM <DIR> pl-PL
07/13/2009 11:20 PM <DIR> pt-BR
07/13/2009 11:20 PM <DIR> pt-PT
07/13/2009 11:20 PM <DIR> ru-RU
07/13/2009 11:20 PM <DIR> sv-SE
07/13/2009 11:20 PM <DIR> tr-TR
07/13/2009 11:20 PM <DIR> zh-CN
07/13/2009 11:20 PM <DIR> zh-HK
07/13/2009 11:20 PM <DIR> zh-TW
2 File(s) 869,002 bytes
25 Dir(s) 199,321,989,120 bytes free
  • 0

#14
JSntgRvr
Posted 31 July 2011 - 12:50 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Lets try this fix.

Download the enclosed file.
Save and extract its contents in the USB drive. Insert the USB drive back in the sick computer and boot to Reatogo (OTLPE CD). Once on the desktop, browse to the USB. Open the Fix folder and doubleclick on the Fix.bat file.

If successful, restart the computer to the Windows 7 DVD. Follow the prompts and bring the computer to a Command prompt in the Repair console. At the prompt type the following and press Enter after each line:

bootrec /fixmbr
bootrec /RebuildBcd

The computer will be scanned, and once the installation is detected a dialog box will appear asking if you want to add the installation to the boot list. Select Yes(Y)

Type Exit and press Enter o leave the prompt.

Restart the computer in Normal Mode.

Let me know the outcome or any error messages.
  • 0

#15
pavithrasan
Posted 31 July 2011 - 02:17 PM

pavithrasan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I dont have a windows 7 installation dvd.All i have a recovery dvd.Should i try rebuildbcd with the recovery dvd. Because when i try running rebuildbcd on my laptop without any dvd,it says 0 installation found.Has my OS been corrupted totally.Can i proceed with recovery dvd to try out your steps.Please guide.Thanks.
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP