Heur Exploit Script virus looping to blue screen on start up


  • This topic is locked

#91
JSntgRvr

  • Global Moderator
  • 11,591 posts
The Plug and Play has no Dependencies.

Go to Start -> Run, type CMD and click OK. At the prompt type the following and press Enter:

Dir C:\Windows\Services.exe /s

Note that we are using the back slash "\" and the forward slash "/". Leave a space between Services.exe and the /s switch.

Is there a Services.exe file present in the C:\Windows\System32 folder?
  • 0

#92
JSntgRvr

  • Global Moderator
  • 11,591 posts
If having problems with the above, let's attempt this through OTLPE.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      Services.exe
      /md5stop
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay /s

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
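Added example (not part of the original thread and not OTL's own code): the `dir /s` search and the `/md5start` hash request from the two posts above, done as one offline pass over a mounted Windows folder. It goes slightly beyond the posts by comparing the system32 copy against every other copy found; the function names and the sample tree contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

LIVE_DIR = "system32"  # folder (relative to the Windows root) holding the copy that runs


def file_digests(path):
    """Return (size, md5, sha256) for one file, reading it in chunks."""
    md5 = hashlib.new("md5", usedforsecurity=False)  # MD5 only to line up with OTL's /md5start output
    sha256 = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()


def find_copies(windows_root, name="services.exe"):
    """Walk the tree like `dir /s`, matching the file name case-insensitively.

    Returns {lower-cased folder relative to windows_root: (size, md5, sha256)}.
    """
    copies = {}
    for dirpath, _dirs, files in os.walk(windows_root):
        for fname in files:
            if fname.lower() == name:
                rel = os.path.relpath(dirpath, windows_root)
                rel = rel.replace(os.sep, "/").lower()
                copies[rel] = file_digests(os.path.join(dirpath, fname))
    return copies


def triage(copies):
    """Compare the system32 copy with every other copy that was found.

    Returns (status, folders): status is "missing" when system32 has no copy,
    "unmatched" when no other copy is byte-identical to it, otherwise "matched"
    with the sorted list of folders holding an identical file.
    """
    live = copies.get(LIVE_DIR)
    if live is None:
        return "missing", []
    same = sorted(d for d, dig in copies.items()
                  if d != LIVE_DIR and dig[2] == live[2])
    return ("matched" if same else "unmatched"), same


def build_sample_tree(root, tamper=False):
    """Constructed sample: the folder names come from the thread, the bytes are made up."""
    good = b"MZ constructed hotfix build"
    old = b"MZ constructed service pack build"
    layout = {
        "system32": b"MZ constructed altered file" if tamper else good,
        "system32/dllcache": good,
        "ServicePackFiles/i386": old,
        "$hf_mig$/KB956572/SP2QFE": good,
    }
    for rel, data in layout.items():
        folder = os.path.join(root, *rel.split("/"))
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, "Services.exe"), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, tamper=True)
        found = find_copies(root)
        for folder, (size, md5, _sha) in sorted(found.items()):
            print(f"{size:>8}  {md5}  {folder}")
        print(triage(found))
```

An "unmatched" result is a reason to look closer, not a verdict. A "matched" result only shows the copies are identical, so the hash is still worth checking against a known-good source.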

#93
Jan1959

  • Topic Starter
  • Member
  • 255 posts
The first instruction for Windows service exe. produced a very long report but I am unable to copy it for you to see.
It starts with Volume in drive C has no label, Volume Serial number is D428-716D

It then continues with a list of files all dated 06/02/2009. The first one is:

Directory of C:\Windows\$hf_mig$\KB956572\SP2QFE, 110.592 services exe, 1 file 110592 bytes.

The report lists 4 more files and then goes to:

Directory of C:\Windows\$NtServicePackUninstall$ There are four of these files and the date changes to 14/04/2008 and 10/08/2004. Next:

Directory of C:\Windows\ERDNT\cache, one file (without any dollar signs around it)
Directory of C:\Windows\ServicePackFiles\i386, again one file and no dollar signs
Directory of C:\Windows\system32, one file, no dollar signs
Directory of C:\Windows\system32\dllcache, one file, no dollar signs


It then goes on to say that "Volume" is not recognised as an internal or external command and lists files stating that '1','06','10' and '14' are not recognised as an internal or external command.

Hope this post makes sense? I will now go back to the OTLPE.

Here is the report:


OTL logfile created on: 1/7/2011 12:33:15 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 135.06 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 7.31 Gb Total Space | 7.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - [2008/06/23 06:54:14 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Disabled] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/05/28 23:06:44 | 000,598,960 | ---- | M] ( ) [Disabled] -- C:\windows\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/28 23:06:20 | 000,099,248 | ---- | M] () [Disabled] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2007/02/12 07:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/03 13:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\default\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | On_Demand] -- C:\windows\System32\drivers\aec.sys -- (aec)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\windows\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/13 13:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/13 13:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/30 13:57:38 | 001,671,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/02/12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/13 04:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/04/03 21:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 02:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/01/10 12:32:20 | 000,861,639 | R--- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/12/26 12:21:38 | 001,099,336 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/20 17:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/13 04:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/10/08 08:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 14:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2004/08/10 14:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2004/08/10 14:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/10 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2004/08/10 14:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/10 14:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2004/08/10 14:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2004/08/10 14:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2004/08/10 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2004/08/10 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2004/08/10 14:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 14:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 14:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/10 14:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\windows\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 14:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/10 14:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\null.sys -- (Null)
DRV - [2004/08/10 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\windows\System32\winsock.dll -- (Winsock)
DRV - [2004/08/10 13:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/17 07:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 07:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/12 14:43:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/23 13:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/26 05:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/01/03 15:33:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\default\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/14 16:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 18:36:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/01/05 14:58:16 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/01/03 15:27:39 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/01/03 01:50:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/03 01:50:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/03 01:50:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/03 01:50:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/03 01:49:50 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/03 01:49:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 17:20:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/12/29 17:19:03 | 000,553,984 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/12/29 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 11:13:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/05/08 04:42:33 | 001,200,128 | ---- | C] ( ) -- C:\windows\System32\lxdfserv.dll
[2010/05/08 04:42:33 | 000,950,272 | ---- | C] ( ) -- C:\windows\System32\lxdfusb1.dll
[2010/05/08 04:42:33 | 000,663,552 | ---- | C] ( ) -- C:\windows\System32\lxdfhbn3.dll
[2010/05/08 04:42:33 | 000,647,168 | ---- | C] ( ) -- C:\windows\System32\lxdfpmui.dll
[2010/05/08 04:42:33 | 000,565,248 | ---- | C] ( ) -- C:\windows\System32\lxdflmpm.dll
[2010/05/08 04:42:33 | 000,434,176 | ---- | C] ( ) -- C:\windows\System32\lxdfhcp.dll
[2010/05/08 04:42:33 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\lxdfinpa.dll
[2010/05/08 04:42:33 | 000,339,968 | ---- | C] ( ) -- C:\windows\System32\lxdfiesc.dll
[2010/05/08 04:42:33 | 000,053,248 | ---- | C] ( ) -- C:\windows\System32\lxdfprox.dll
[2010/05/08 04:42:32 | 000,860,160 | ---- | C] ( ) -- C:\windows\System32\lxdfcomc.dll
[2010/05/08 04:42:32 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxdfcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/07 07:11:06 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/06 19:07:38 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/01/06 19:04:30 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/05 14:10:03 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/01/03 15:33:44 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/01/03 01:54:19 | 000,442,334 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 01:54:19 | 000,071,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/31 00:54:35 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/01/03 01:50:02 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/03 01:50:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/03 01:50:02 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/03 01:50:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/03 01:50:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/10/13 12:21:10 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/07/23 13:24:13 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/05/08 04:46:40 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxdfvs.dll
[2010/05/08 04:46:38 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfcoin.dll
[2010/05/08 04:46:11 | 000,692,224 | ---- | C] () -- C:\windows\System32\lxdfdrs.dll
[2010/05/08 04:46:11 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfcnv4.dll
[2010/05/08 04:46:11 | 000,065,536 | ---- | C] () -- C:\windows\System32\lxdfcaps.dll
[2010/05/08 04:45:55 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfoem.dll
[2010/05/08 04:45:55 | 000,045,056 | ---- | C] () -- C:\windows\System32\LXDFPMON.DLL
[2010/05/08 04:45:55 | 000,032,768 | ---- | C] () -- C:\windows\System32\LXDFFXPU.DLL
[2010/05/08 04:42:33 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfinst.dll
[2010/05/08 04:42:32 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxdfgrd.dll
[2008/11/11 13:42:43 | 000,027,136 | ---- | C] () -- C:\windows\System32\QTUninst.dll
[2008/11/11 13:38:10 | 000,009,136 | ---- | C] () -- C:\windows\System32\INETWH16.DLL
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56spn.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56itl.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56eng.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56brz.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56ger.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56fra.dll
[2008/06/23 05:09:39 | 000,053,248 | R--- | C] () -- C:\windows\sm56jpn.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56cht.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56chs.dll
[2008/06/23 04:32:03 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4764.dll
[2008/06/19 10:49:09 | 000,249,856 | ---- | C] () -- C:\windows\System32\igfxTMM.dll
[2008/06/19 10:49:09 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2006/01/17 13:28:20 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/01/14 15:00:09 | 000,000,441 | ---- | C] () -- C:\windows\System32\emver.ini
[2006/01/14 08:10:36 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\windows\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/23 10:06:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ilubol
[2010/10/07 09:57:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Maus
[2010/10/09 04:24:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Uhzena
[2010/10/13 12:24:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ulmy
[2011/01/06 19:07:38 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
[2010/10/24 00:21:21 | 000,000,426 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{2E16A703-F1B3-4340-B56D-A79C454F9DE3}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay /s >
"Description" = Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
"DisplayName" = Plug and Play
"ErrorControl" = 1
"Group" = PlugPlay
"ImagePath" = %SystemRoot%\system32\services.exe -- [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"PlugPlayServiceType" = 3
"Start" = 2
"Type" = 32
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PlugPlay\Security]
"Security" = [Binary data over 100 bytes]
< End of report >

Edited by Jan1959, 07 January 2011 - 06:39 AM.

  • 0

#94
JSntgRvr

  • Global Moderator
  • 11,591 posts
Other than the "Volume" is not recognised as an internal or external command and lists files stating that '1', '06', '10' and '14' are not recognised as an internal or external command, the rest is OK. Wonder why it is returning these errors.

Will wait for the OTLPE report.
  • 0

#95
Jan1959

  • Topic Starter
  • Member
  • 255 posts
I added the OTLPE report to the bottom of my last post.
  • 0

#96
JSntgRvr

  • Global Moderator
  • 11,591 posts
All seems in place. Plug and play should be running.

While in the Reatogo environment, browse to the C:\Windows\System32\Config folder. There is a file labeled System. Copy that file to the Flash drive (It is a very large file), zip it and attach it to a reply. If too large, attempt to upload it if possible to the following site:

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "For JSntgRvr"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • System or System.zip
  • Click Open.
  • Click Post.

You won't be able to see if it uploaded. Just follow the instructions above and let me know when ready. I will check it for you.
  • 0

#97
Jan1959

  • Topic Starter
  • Member
  • 255 posts
I think that I have posted the system file on the spy killer forum but I'm not sure if it downloaded properly. Please let me know if I have to do it again.
  • 0

#98
JSntgRvr

  • Global Moderator
  • 11,591 posts
Registry entries seem in place. Let's check for missing files:


Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      netfxperf.dll
      mscoree.dll
      svchost.exe
      alrsvc.dll
      alg.exe
      appmgmts.dll
      aspnet_perf.dll
      aspnet_isapi.dll
      aspnet_state.exe
      audiosrv.dll
      battc.sys
      browser.dll
      cisvc.exe
      clipsrv.exe
      mscorsvw.exe
      dllhost.exe
      query.dll
      dhcpcsvc.dll
      dmadmin.exe
      dmserver.dll
      dnsrslvr.dll
      dot3svc.dll
      eapsvc.dll
      ehRecvr.exe
      ehSched.exe
      es.dll
      shsvcs.dll
      PresentationFontCache.exe
      GoogleUpdate.exe
      GoogleUpdaterService.exe
      hidserv.dll
      kmsvc.dll
      w3ssl.dll
      infocard.exe
      imapi.exe
      jqs.conf
      srvsvc.dll
      wkssvc.dll
      lmhsvc.dll
      mcrdsvc.exe
      mnmsrvc.exe
      msdtc.exe
      msiexec.exe
      qagentrt.dll
      netdde.exe
      ntmssvc.dll
      perfdisk.dll
      perfnet.dll
      perfos.dll
      rasmans.dll
      rasppp.dll
      raschap.dll
      rastls.dll
      drprov.dll
      sessmgr.exe
      rasrad.dll
      mprddm.dll
      rasctrs.dll
      iprtrmgr.dll
      locator.exe
      rpcss.dll
      rsvp.exe
      SCardSvr.exe
      schedsvc.dll
      scsiport.sys
      SCardSvr.exe
      rsvpperf.dll
      schedsvc.dll
      sens.dll
      NETFXPerf.dll
      ipnathlp.dll
      shsvcs.dll
      lsass.exe
      netman.dll
      SMSvcHost.exe
      mswsock.dll
      ntmssvc.dll
      ssdpsrv.dll
      wiaservc.dll
      tapisrv.dll
      termsrv.dll
      shsvcs.dll
      tlntsvr.exe
      trkwks.dll
      wdfmgr.exe
      upnphost.dll
      ups.exe
      vssvc.exe
      w32time.dll
      webclnt.dll
      winrnr.dll
      mswsock.dll
      MsPMSNSv.dll
      wmiaprpl.dll
      wmiapsrv.exe
      wzcsvc.dll
      xmlprov.dll
      /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.


#99
Jan1959

Please find log below.


OTL logfile created on: 1/7/2011 6:14:23 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 135.06 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 7.31 Gb Total Space | 7.31 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - [2008/06/23 06:54:14 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Disabled] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/05/28 23:06:44 | 000,598,960 | ---- | M] ( ) [Disabled] -- C:\windows\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/28 23:06:20 | 000,099,248 | ---- | M] () [Disabled] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
SRV - [2007/02/12 07:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/03 13:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\default\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | On_Demand] -- C:\windows\System32\drivers\aec.sys -- (aec)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\windows\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/13 13:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/13 13:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\windows\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/30 13:57:38 | 001,671,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/02/12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/13 04:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/04/03 21:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 02:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/01/10 12:32:20 | 000,861,639 | R--- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/12/26 12:21:38 | 001,099,336 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/20 17:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/13 04:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/10/08 08:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 14:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2004/08/10 14:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2004/08/10 14:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/10 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2004/08/10 14:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/10 14:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2004/08/10 14:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2004/08/10 14:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2004/08/10 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2004/08/10 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2004/08/10 14:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 14:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 14:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/10 14:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\windows\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 14:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/10 14:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\null.sys -- (Null)
DRV - [2004/08/10 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\windows\System32\winsock.dll -- (Winsock)
DRV - [2004/08/10 13:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/17 07:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 07:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/12 14:43:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/23 13:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/26 05:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/01/03 15:33:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\default\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/14 16:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 18:36:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/01/05 14:58:16 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/01/03 15:27:39 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/01/03 01:50:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/03 01:50:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/03 01:50:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/03 01:50:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/03 01:49:50 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/03 01:49:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 17:20:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/12/29 17:19:03 | 000,553,984 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/12/29 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 11:13:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2010/05/08 04:42:33 | 001,200,128 | ---- | C] ( ) -- C:\windows\System32\lxdfserv.dll
[2010/05/08 04:42:33 | 000,950,272 | ---- | C] ( ) -- C:\windows\System32\lxdfusb1.dll
[2010/05/08 04:42:33 | 000,663,552 | ---- | C] ( ) -- C:\windows\System32\lxdfhbn3.dll
[2010/05/08 04:42:33 | 000,647,168 | ---- | C] ( ) -- C:\windows\System32\lxdfpmui.dll
[2010/05/08 04:42:33 | 000,565,248 | ---- | C] ( ) -- C:\windows\System32\lxdflmpm.dll
[2010/05/08 04:42:33 | 000,434,176 | ---- | C] ( ) -- C:\windows\System32\lxdfhcp.dll
[2010/05/08 04:42:33 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\lxdfinpa.dll
[2010/05/08 04:42:33 | 000,339,968 | ---- | C] ( ) -- C:\windows\System32\lxdfiesc.dll
[2010/05/08 04:42:33 | 000,053,248 | ---- | C] ( ) -- C:\windows\System32\lxdfprox.dll
[2010/05/08 04:42:32 | 000,860,160 | ---- | C] ( ) -- C:\windows\System32\lxdfcomc.dll
[2010/05/08 04:42:32 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxdfcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/07 07:11:06 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/06 19:07:38 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/01/06 19:04:30 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/05 14:10:03 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/01/03 15:33:44 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/01/03 01:54:19 | 000,442,334 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 01:54:19 | 000,071,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/31 00:54:35 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/01/03 01:50:02 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/03 01:50:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/03 01:50:02 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/03 01:50:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/03 01:50:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/10/13 12:21:10 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2010/07/23 13:24:13 | 000,000,025 | ---- | C] () -- C:\windows\cdplayer.ini
[2010/05/08 04:46:40 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxdfvs.dll
[2010/05/08 04:46:38 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfcoin.dll
[2010/05/08 04:46:11 | 000,692,224 | ---- | C] () -- C:\windows\System32\lxdfdrs.dll
[2010/05/08 04:46:11 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfcnv4.dll
[2010/05/08 04:46:11 | 000,065,536 | ---- | C] () -- C:\windows\System32\lxdfcaps.dll
[2010/05/08 04:45:55 | 000,069,632 | ---- | C] () -- C:\windows\System32\lxdfoem.dll
[2010/05/08 04:45:55 | 000,045,056 | ---- | C] () -- C:\windows\System32\LXDFPMON.DLL
[2010/05/08 04:45:55 | 000,032,768 | ---- | C] () -- C:\windows\System32\LXDFFXPU.DLL
[2010/05/08 04:42:33 | 000,348,160 | ---- | C] () -- C:\windows\System32\lxdfinst.dll
[2010/05/08 04:42:32 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxdfgrd.dll
[2008/11/11 13:42:43 | 000,027,136 | ---- | C] () -- C:\windows\System32\QTUninst.dll
[2008/11/11 13:38:10 | 000,009,136 | ---- | C] () -- C:\windows\System32\INETWH16.DLL
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56spn.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56itl.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56eng.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\windows\sm56brz.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56ger.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\windows\sm56fra.dll
[2008/06/23 05:09:39 | 000,053,248 | R--- | C] () -- C:\windows\sm56jpn.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56cht.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\windows\sm56chs.dll
[2008/06/23 04:32:03 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4764.dll
[2008/06/19 10:49:09 | 000,249,856 | ---- | C] () -- C:\windows\System32\igfxTMM.dll
[2008/06/19 10:49:09 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2006/01/17 13:28:20 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/01/14 15:00:09 | 000,000,441 | ---- | C] () -- C:\windows\System32\emver.ini
[2006/01/14 08:10:36 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\windows\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/23 10:06:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ilubol
[2010/10/07 09:57:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Maus
[2010/10/09 04:24:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Uhzena
[2010/10/13 12:24:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ulmy
[2011/01/06 19:07:38 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
[2010/10/24 00:21:21 | 000,000,426 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{2E16A703-F1B3-4340-B56D-A79C454F9DE3}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ALG.EXE >
[2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
[2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\system32\alg.exe
[2004/08/10 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=F1958FBF86D5C004CF19A5951A9514B7 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe

< MD5 for: ALRSVC.DLL >
[2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A9A3DAA780CA6C9671A19D52456705B4 -- C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
[2008/04/13 19:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A9A3DAA780CA6C9671A19D52456705B4 -- C:\WINDOWS\system32\alrsvc.dll
[2004/08/10 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=C7AE0FD3867DB0D42B03B73C18F3D671 -- C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll

< MD5 for: APPMGMTS.DLL >
[2004/08/10 14:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=9C3C12975C97119412802B181FBEEFFE -- C:\WINDOWS\$NtServicePackUninstall$\appmgmts.dll
[2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=D8849F77C0B66226335A59D26CB4EDC6 -- C:\WINDOWS\ERDNT\cache\appmgmts.dll
[2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=D8849F77C0B66226335A59D26CB4EDC6 -- C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
[2008/04/13 19:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation) MD5=D8849F77C0B66226335A59D26CB4EDC6 -- C:\WINDOWS\system32\appmgmts.dll

< MD5 for: ASPNET_ISAPI.DLL >
[2010/09/22 21:17:08 | 000,258,048 | ---- | M] (Microsoft Corporation) MD5=056E6BFD6314BBB84D5DFB1CA529CD60 -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
[2004/08/04 08:11:02 | 000,200,704 | ---- | M] (Microsoft Corporation) MD5=0E87009B21494D87E96DFA640D71956A -- C:\WINDOWS\$NtUninstallKB930494$\aspnet_isapi.dll
[2009/06/23 16:12:08 | 000,200,704 | ---- | M] (Microsoft Corporation) MD5=557EF56C01954657D466EF626A669573 -- C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
[2008/07/25 05:16:40 | 000,017,416 | ---- | M] (Microsoft Corporation) MD5=74E81A65879FFE881A7AF525A0254AD8 -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
[2007/01/02 10:34:04 | 000,200,704 | ---- | M] (Microsoft Corporation) MD5=8432688C22A300E5B2B7871D348019ED -- C:\WINDOWS\$NtUninstallKB953295$\aspnet_isapi.dll
[2008/04/13 11:09:59 | 000,200,704 | ---- | M] (Microsoft Corporation) MD5=BD6380A483CB292E59E68AB3957B4561 -- C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll

< MD5 for: ASPNET_PERF.DLL >
[2008/07/25 05:16:40 | 000,033,800 | ---- | M] (Microsoft Corporation) MD5=F1430F5D20F4BB71A003209C3DB3ADDF -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

< MD5 for: ASPNET_STATE.EXE >
[2008/07/25 05:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) MD5=0E5E4957549056E2BF2C49F4F6B601AD -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[2008/04/13 11:10:01 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=7F2A2B860919EBF78AF07A52C72B0F27 -- C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe
[2004/07/15 11:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=E1A1206A4FB19B675E947B29CCD25FBA -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[2002/06/22 03:31:22 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=EA1333F2B281B7F3DCF9496A2766FA39 -- C:\WINDOWS\$NtUninstallKB953295$\aspnet_state.exe
[2009/06/23 16:12:10 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=F1DFD4F0A8D064E9EC90FE24102E73B9 -- C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe

< MD5 for: AUDIOSRV.DLL >
[2004/08/10 14:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) MD5=DB66DB626E4882EBEF55F136F12C1829 -- C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll

< MD5 for: SCSIPORT.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:scsiport.sys
[2010/05/03 08:18:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:scsiport.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:scsiport.sys
[2010/05/03 08:18:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:scsiport.sys
[2008/04/13 13:40:30 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=76C465F570E90C28942D52CCB2580A10 -- C:\WINDOWS\ServicePackFiles\i386\scsiport.sys
[2008/04/13 13:40:30 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=76C465F570E90C28942D52CCB2580A10 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2004/08/10 14:00:00 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=D7FD0FF761E28AC0EA35AD71E0CD67E9 -- C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys

< MD5 for: SENS.DLL >
[2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=7FDD5D0684ECA8C1F68B4D99D124DCD0 -- C:\WINDOWS\ServicePackFiles\i386\sens.dll
[2008/04/13 19:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=7FDD5D0684ECA8C1F68B4D99D124DCD0 -- C:\WINDOWS\system32\sens.dll
[2004/08/10 14:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=DFD9870CF39C791D86C4C209DA9FA919 -- C:\WINDOWS\$NtServicePackUninstall$\sens.dll

< MD5 for: SESSMGR.EXE >
[2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=3C37BF86641BDA977C3BF8A840F3B7FA -- C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe
[2008/04/13 19:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=3C37BF86641BDA977C3BF8A840F3B7FA -- C:\WINDOWS\system32\sessmgr.exe
[2004/08/10 14:00:00 | 000,140,800 | ---- | M] (Microsoft Corporation) MD5=729798E0933076B8FCFCD9934698F164 -- C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe

< MD5 for: SHSVCS.DLL >
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ERDNT\cache\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ERDNT\cache\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ERDNT\cache\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\system32\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\system32\shsvcs.dll
[2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=1926899BF9FFE2602B63074971700412 -- C:\WINDOWS\system32\shsvcs.dll
[2006/12/19 16:50:10 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=53D9184A21C5CBF600D918E51EF3A7E5 -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[2006/12/19 16:50:10 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=53D9184A21C5CBF600D918E51EF3A7E5 -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[2006/12/19 16:50:10 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=53D9184A21C5CBF600D918E51EF3A7E5 -- C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[2006/12/19 16:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=6815DEF9B810AEFAC107EEAF72DA6F82 -- C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll
[2006/12/19 16:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=6815DEF9B810AEFAC107EEAF72DA6F82 -- C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll
[2006/12/19 16:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=6815DEF9B810AEFAC107EEAF72DA6F82 -- C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll
[2004/08/10 14:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=E7518DC542D3EBDCB80EDD98462C7821 -- C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll
[2004/08/10 14:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=E7518DC542D3EBDCB80EDD98462C7821 -- C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll
[2004/08/10 14:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=E7518DC542D3EBDCB80EDD98462C7821 -- C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll

< MD5 for: SMSVCHOST.EXE >
[2008/07/29 13:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=D34612C5D02D026535B3095D620626AE -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

< MD5 for: SRVSVC.DLL >
[2004/12/07 14:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=0CB3AF149A0BAC0836022CA307C7A0F8 -- C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll
[2010/08/27 01:05:07 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3695B8D03745B2F8022B161238347A9D -- C:\WINDOWS\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
[2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3A7C3CBE5D96B8AE96CE81F0B22FB527 -- C:\WINDOWS\system32\dllcache\srvsvc.dll
[2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=3A7C3CBE5D96B8AE96CE81F0B22FB527 -- C:\WINDOWS\system32\srvsvc.dll
[2004/12/07 14:29:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=4E9EA6CC8DB8DCEF7FB37F2C9B4CC556 -- C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
[2004/08/10 14:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=93D32468D34E000CB3407947D1D6E22A -- C:\WINDOWS\$NtUninstallKB888302$\srvsvc.dll
[2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F385F4B02C535BFFE1D70CAB80838123 -- C:\WINDOWS\$NtUninstallKB2345886$\srvsvc.dll
[2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F385F4B02C535BFFE1D70CAB80838123 -- C:\WINDOWS\ServicePackFiles\i386\srvsvc.dll

< MD5 for: SSDPSRV.DLL >
[2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=0A5679B3714EDAB99E357057EE88FCA6 -- C:\WINDOWS\ERDNT\cache\ssdpsrv.dll
[2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=0A5679B3714EDAB99E357057EE88FCA6 -- C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
[2008/04/13 19:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=0A5679B3714EDAB99E357057EE88FCA6 -- C:\WINDOWS\system32\ssdpsrv.dll
[2004/08/10 14:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=4B8D61792F7175BED48859CC18CE4E38 -- C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TAPISRV.DLL >
[2005/07/08 11:28:58 | 000,249,344 | ---- | M] (Microsoft Corporation) MD5=1418A3A6E76E5A2E3F5E43866E793A8B -- C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) MD5=3CB78C17BB664637787C9A1C98F79C38 -- C:\WINDOWS\ERDNT\cache\tapisrv.dll
[2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) MD5=3CB78C17BB664637787C9A1C98F79C38 -- C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
[2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) MD5=3CB78C17BB664637787C9A1C98F79C38 -- C:\WINDOWS\system32\tapisrv.dll
[2004/08/10 14:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=EB4A4187D74A8EFDCBEA3EA2CB1BDFBD -- C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll
[2005/07/08 11:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) MD5=FB78839B36025AA286A51289ED28B73E -- C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll

< MD5 for: TERMSRV.DLL >
[2004/08/10 14:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtUninstallKB895961$\termsrv.dll
[2005/03/10 09:49:51 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=C29A5286E64D97385178452D5F307B98 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: TLNTSVR.EXE >
[2004/08/10 14:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=37DB0A7D097310E8B4DE803FC3119C78 -- C:\WINDOWS\$NtServicePackUninstall$\tlntsvr.exe
[2008/04/13 19:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=DB7205804759FF62C34E3EFD8A4CC76A -- C:\WINDOWS\ServicePackFiles\i386\tlntsvr.exe
[2008/04/13 19:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) MD5=DB7205804759FF62C34E3EFD8A4CC76A -- C:\WINDOWS\system32\tlntsvr.exe

< MD5 for: TRKWKS.DLL >
[2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=55BCA12F7F523D35CA3CB833C725F54E -- C:\WINDOWS\ServicePackFiles\i386\trkwks.dll
[2008/04/13 19:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=55BCA12F7F523D35CA3CB833C725F54E -- C:\WINDOWS\system32\trkwks.dll
[2004/08/10 14:00:00 | 000,090,624 | ---- | M] (Microsoft Corporation) MD5=6D9AC544B30F96C57F8206566C1FB6A1 -- C:\WINDOWS\$NtServicePackUninstall$\trkwks.dll

< MD5 for: UPNPHOST.DLL >
[2004/08/10 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=0546477BDE979E33294FE97F6B3DE84A -- C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll
[2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=1EBAFEB9A3FBDC41B8D9C7F0F687AD91 -- C:\WINDOWS\ERDNT\cache\upnphost.dll
[2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=1EBAFEB9A3FBDC41B8D9C7F0F687AD91 -- C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
[2008/04/13 19:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=1EBAFEB9A3FBDC41B8D9C7F0F687AD91 -- C:\WINDOWS\system32\upnphost.dll
[2007/02/05 15:19:14 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=36ACA6CDC19C95FF468A1426EB7F32F0 -- C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[2007/02/05 15:17:02 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=ACA5D98663D879C6BAAFCEA7E2F1B710 -- C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll

< MD5 for: UPS.EXE >
[2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=05365FB38FCA1E98F7A566AAAF5D1815 -- C:\WINDOWS\ServicePackFiles\i386\ups.exe
[2008/04/13 19:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=05365FB38FCA1E98F7A566AAAF5D1815 -- C:\WINDOWS\system32\ups.exe
[2004/08/10 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=3F5DF65B0758675F95A2D43918A740A3 -- C:\WINDOWS\$NtServicePackUninstall$\ups.exe

< MD5 for: VSSVC.EXE >
[2004/08/10 14:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) MD5=3EE00364AE0FD8D604F46CBAF512838A -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe
[2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe
[2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) MD5=7A9DB3A67C333BF0BD42E42B8596854B -- C:\WINDOWS\system32\vssvc.exe

< MD5 for: W32TIME.DLL >
[2004/08/10 14:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=2B281958F5D0CF99ED626E3EF39D5C8D -- C:\WINDOWS\$NtServicePackUninstall$\w32time.dll
[2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=54AF4B1D5459500EF0937F6D33B1914F -- C:\WINDOWS\ERDNT\cache\w32time.dll
[2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=54AF4B1D5459500EF0937F6D33B1914F -- C:\WINDOWS\ServicePackFiles\i386\w32time.dll
[2008/04/13 19:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=54AF4B1D5459500EF0937F6D33B1914F -- C:\WINDOWS\system32\w32time.dll

< MD5 for: W3SSL.DLL >
[2004/08/10 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=064D8581ADF77C25133E7D751D917D83 -- C:\WINDOWS\$NtServicePackUninstall$\w3ssl.dll
[2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6100A808600F44D999CEBDEF8841C7A3 -- C:\WINDOWS\ServicePackFiles\i386\w3ssl.dll
[2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6100A808600F44D999CEBDEF8841C7A3 -- C:\WINDOWS\system32\w3ssl.dll

< MD5 for: WDFMGR.EXE >
[2004/08/10 14:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=1977313E362C8732C1AF4D1BCB9C06B7 -- C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wdfmgr.exe
[2005/08/04 04:29:52 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=9651E5D850B6F6BD7C77C70AA06F02BF -- C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
[2005/08/04 04:29:52 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=9651E5D850B6F6BD7C77C70AA06F02BF -- C:\WINDOWS\system32\wdfmgr.exe

< MD5 for: WEBCLNT.DLL >
[2006/01/03 22:35:05 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=265F534EF76832435AFBF771EC97176D -- C:\WINDOWS\$NtServicePackUninstall$\webclnt.dll
[2006/01/03 23:18:34 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=346E7D636ADFE4E3B1B32AF8326220FF -- C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
[2004/08/10 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) MD5=5D0A442864BFBF3B19DCCA4CD29F6E99 -- C:\WINDOWS\$NtUninstallKB911927$\webclnt.dll
[2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=77A354E28153AD2D5E120A5A8687BC06 -- C:\WINDOWS\ServicePackFiles\i386\webclnt.dll
[2008/04/13 19:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=77A354E28153AD2D5E120A5A8687BC06 -- C:\WINDOWS\system32\webclnt.dll

< MD5 for: WIASERVC.DLL >
[2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) MD5=8BAD69CBAC032D4BBACFCE0306174C30 -- C:\WINDOWS\ERDNT\cache\wiaservc.dll
[2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) MD5=8BAD69CBAC032D4BBACFCE0306174C30 -- C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
[2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) MD5=8BAD69CBAC032D4BBACFCE0306174C30 -- C:\WINDOWS\system32\wiaservc.dll
[2006/12/19 13:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) MD5=B6763F8534AC547CF1AF98AFDFF2EDC8 -- C:\WINDOWS\$NtServicePackUninstall$\wiaservc.dll
[2006/12/19 13:47:14 | 000,333,824 | ---- | M] (Microsoft Corporation) MD5=D9F097AA3B97034D3358A01B43E635B2 -- C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[2004/08/10 14:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=D9F6C4F6B1E188ADAFC42B561D9BC2E6 -- C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll

< MD5 for: WINRNR.DLL >
[2004/08/10 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< MD5 for: WKSSVC.DLL >
[2008/04/13 19:12:09 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=1B67B632786FEF1C1BBAEF46C2F3F2E6 -- C:\WINDOWS\$NtUninstallKB971657$\wkssvc.dll
[2008/04/13 19:12:09 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=1B67B632786FEF1C1BBAEF46C2F3F2E6 -- C:\WINDOWS\ServicePackFiles\i386\wkssvc.dll
[2004/08/10 14:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=2C0A7B2AE9C26F2C163627679B42783C -- C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
[2009/06/10 01:17:16 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=3B9324D60DD321BAB7BF6F77931D3FD1 -- C:\WINDOWS\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
[2006/08/17 07:28:27 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=3CD291A2C4909088B3D1E98DED73D4B2 -- C:\WINDOWS\$NtUninstallKB971657_0$\wkssvc.dll
[2009/06/10 01:26:59 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=4C79D9C38DC98CF1C035EC8470B7D1D5 -- C:\WINDOWS\$hf_mig$\KB971657\SP2QFE\wkssvc.dll
[2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=A8888A5327621856C0CEC4E385F69309 -- C:\WINDOWS\$hf_mig$\KB971657\SP3GDR\wkssvc.dll
[2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=A8888A5327621856C0CEC4E385F69309 -- C:\WINDOWS\system32\dllcache\wkssvc.dll
[2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=A8888A5327621856C0CEC4E385F69309 -- C:\WINDOWS\system32\wkssvc.dll
[2009/06/10 01:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=E1F27CFCD114EC9F1E1F44674B2FF9F0 -- C:\WINDOWS\$NtServicePackUninstall$\wkssvc.dll
[2006/08/17 07:37:49 | 000,132,096 | ---- | M] (Microsoft Corporation) MD5=EF48ED538B8BF80825DABB6BA17F2F09 -- C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll

< MD5 for: WMIAPRPL.DLL >
[2008/04/13 19:12:09 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=75EE1625AD8B52C5FAA1CCB1B82FB750 -- C:\WINDOWS\ServicePackFiles\i386\wmiaprpl.dll
[2008/04/13 19:12:09 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=75EE1625AD8B52C5FAA1CCB1B82FB750 -- C:\WINDOWS\system32\wbem\wmiaprpl.dll
[2004/08/10 14:00:00 | 000,089,088 | ---- | M] (Microsoft Corporation) MD5=F2AC62CFA9D59FE10AEAD3906BD591BA -- C:\WINDOWS\$NtServicePackUninstall$\wmiaprpl.dll

< MD5 for: WMIAPSRV.EXE >
[2004/08/10 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=BA8CECC3E813E1F7C441B20393D4F86C -- C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe
[2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=E0673F1106E62A68D2257E376079F821 -- C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe
[2008/04/13 19:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=E0673F1106E62A68D2257E376079F821 -- C:\WINDOWS\system32\wbem\wmiapsrv.exe

< MD5 for: WZCSVC.DLL >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:wzcsvc.dll
[2010/05/03 08:18:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:wzcsvc.dll
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:wzcsvc.dll
[2010/05/03 08:18:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:wzcsvc.dll
[2005/06/22 00:00:18 | 000,474,624 | ---- | M] (Microsoft Corporation) MD5=247520EDED53A08AE89EA4FAE04F54D8 -- C:\WINDOWS\$NtServicePackUninstall$\wzcsvc.dll
[2004/08/10 14:00:00 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=5A91E6FEAB9F901302FA7FF768C0120F -- C:\WINDOWS\$NtUninstallKB899337$\wzcsvc.dll
[2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) MD5=81DC3F549F44B1C1FFF022DEC9ECF30B -- C:\WINDOWS\ServicePackFiles\i386\wzcsvc.dll
[2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) MD5=81DC3F549F44B1C1FFF022DEC9ECF30B -- C:\WINDOWS\system32\wzcsvc.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/10 14:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
< End of report >
  • 0

#100
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Let's try this fix:

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\windows\System32\hidserv.dll|C:\WINDOWS\ServicePackFiles\i386\hidserv.dll /replace
    C:\WINDOWS\system32\mscoree.dll|C:\WINDOWS\ServicePackFiles\i386\mscoree.dll /replace

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If the files are successfully replaced, restart the computer in Normal Mode. Let me know if there is a difference.
  • 0



#101
Jan1959

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Please find copy of OTLPE log below:


========== FILES ==========
File C:\windows\System32\hidserv.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
File C:\WINDOWS\system32\mscoree.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\mscoree.dll

OTLPE by OldTimer - Version 3.1.43.0 log created on 01072011_213527

I ran the PC in normal mode, still got message no boot.ini booting from windows on start up.

I got 2 error messages.
1) lxdfamon.exe entry point not found. The procedure entry point GetRequestedRuntimeInfo could not be located in the dynamic link library mscoree.dll

2) .netframework initialization error. C:\WINDOWS\microsoft.net\Framework\V2.0.50727 mscorwks.dll could not be loaded.

Good news, the device manager is now working and there are no question marks against any files.
Bad news, PC still won't connect to the internet, same message as before and it will still not recognise the flash drive in the USB port.

Edited by Jan1959, 07 January 2011 - 04:11 PM.

  • 0

#102
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Let me have the brand, model and series of your computer. Perhaps there are drivers available online.

I would also like to attempt to create a new profile to discard the possibility of a corrupted profile. For this you will need to boot in Safe Mode and log on as the administrator. Once on the desktop, click on Start -> Run, type Control nusrmgr.cpl and click OK. Create a new account with administrative rights. Once done, restart the computer in Normal Mode and log on to the new account. Would that make a difference?

In addition, we need to install the recovery console. Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System. (SP3 can use the SP2 pack) Download and place this file next to Combofix.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When completed, a log named CF_RC.txt will open. Please post the contents of that log.

When the Recovery Console is installed you will see a menu at startup where you can select your Windows Installation and the Recovery Console. The Recovery Console is an important tool and should be used by qualified users.

Let me know if successful.
  • 0

#103
Jan1959

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
The brand of the PC is a Gateway laptop. Model number MX6933b, I think that it was a T5500 but it does not say on the back.

I have tried creating a new administrator account but I cannot type in the Control instruction as the keyboard is still corrupt unless I am using OTLPE.

I will now attempt to install the recovery console
  • 0

#104
Jan1959

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
I have tried to load the recovery console but when I drag and drop the Windows Set UP to ComboFix it starts to load and then comes up with the error message CFScript appears to be incorrectly spelt. ComboFix then closes.

I have followed your instructions and the Windows file name is correct, am I doing something wrong?

PS Thank you for helping me today - hope that you had a happy birthday.

Edited by Jan1959, 07 January 2011 - 05:40 PM.

  • 0

#105
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
If you are still receiving an error at startup concerning the Boot.ini, follow these steps:

Download the enclosed folder. [attachment=47043:BootFix.zip] Extract its contents and transfer to the sick computer. In Normal Mode, open the BootFix folder and click on the Runme.bat file. That should rename the Boot.ini if it exists, and copy the enclosed one to the root folder. We need to resolve the boot.ini file issue prior to installing the Recovery Console.

Since you have a Windows XP install disk, you can manually install the Recovery Console. Here are the instructions:

http://support.microsoft.com/kb/307654

Let me know if successful.
  • 0





