PATH: C:\windows\system32
7DB1AFB434.sys
cdplayer.exe.manifest
dllcache
KGyGaAvL.sys
logonui.exe.manifest
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
Scrnscps.GID
WindowsLogon.manifest
wuaucpl.cpl.manifest
PATH: C:\windows\system32\drivers
PATH: C:\
boot.ini
boot.ini.whitecanyon
ehthumbs.db
hiberfil.sys
IO.SYS
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
RECYCLER
System Volume Information
User Profile check
public
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xaf392666
ProfileLoadTimeHigh REG_DWORD 0x1cb0135
RefCount REG_DWORD 0x4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xaf0bd9b8
ProfileLoadTimeHigh REG_DWORD 0x1cb0135
RefCount REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-161134817-1714075396-1781636095-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\default
Sid REG_BINARY 010500000000000515000000E1B89A0904B72A66FF9B316AEB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x95cc1270
ProfileLoadTimeHigh REG_DWORD 0x1c9528f
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-161134817-1714075396-1781636095-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Test
Sid REG_BINARY 010500000000000515000000E1B89A0904B72A66FF9B316AEC030000
Flags REG_DWORD 0x0
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x5c0db250
ProfileLoadTimeHigh REG_DWORD 0x1c5c908
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
NextLogonCacheable REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-161134817-1714075396-1781636095-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\test2
Sid REG_BINARY 010500000000000515000000E1B89A0904B72A66FF9B316AED030000
Flags REG_DWORD 0x0
State REG_DWORD 0x4
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x663a39b8
ProfileLoadTimeHigh REG_DWORD 0x1c5c90a
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-161134817-1714075396-1781636095-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner
Sid REG_BINARY 010500000000000515000000E1B89A0904B72A66FF9B316AF2030000
Flags REG_DWORD 0x1
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xbe6e8680
ProfileLoadTimeHigh REG_DWORD 0x1cb0135
RefCount REG_DWORD 0x2
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
NextLogonCacheable REG_DWORD 0x0
Current Scheduled Tasks
PATH: C:\Windows\Tasks
Ad-Aware Update (Weekly).job
Google Software Updater.job
HP Usg Daily.job
desktop.ini
Microsoft_Hardware_Launch_IType_exe.job
SA.DAT
Windows Drivers and NT-Services
Volume in drive C has no label.
Volume Serial Number is A4EE-8BEA
Directory of C:\Windows\System32\Drivers
Volume in drive C has no label.
Volume Serial Number is A4EE-8BEA
Directory of C:\Windows\System32\Drivers
09/10/1999 12:06 PM 25,244 ASPI32.SYS
08/17/2001 06:59 AM 3,072 audstub.sys
08/17/2001 01:51 PM 3,328 pciide.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
01/06/2004 12:58 AM 69,575 HidCom.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
07/17/2004 11:36 AM 64,352 ativmc20.cod
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
08/03/2004 03:31 PM 20,992 RTL8139.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 701,440 ati2mtag.sys
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
08/03/2004 10:29 PM 1,897,408 nv4_mini.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:41 PM 13,776 recagent.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 11,868 mdmxsdk.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
08/10/2004 03:45 AM 11,008 mhndrv.sys
08/10/2004 05:00 AM 352,256 atmuni.sys
08/10/2004 05:00 AM 31,360 atmepvc.sys
08/10/2004 05:00 AM 4,736 usbd.sys
08/10/2004 05:00 AM 58,112 vdmindvd.sys
08/10/2004 05:00 AM 646 gmreadme.txt
08/10/2004 05:00 AM 4,352 wmilib.sys
08/10/2004 05:00 AM 32,896 ipfltdrv.sys
08/10/2004 05:00 AM 125,056 ftdisk.sys
08/10/2004 05:00 AM 7,680 mcd.sys
08/10/2004 05:00 AM 12,160 fsvga.sys
08/10/2004 05:00 AM 4,224 beep.sys
08/10/2004 05:00 AM 5,888 rootmdm.sys
08/10/2004 05:00 AM 12,032 riodrv.sys
08/10/2004 05:00 AM 12,032 rio8drv.sys
08/10/2004 05:00 AM 3,440,660 gm.dls
08/10/2004 05:00 AM 4,224 rdpcdd.sys
08/10/2004 05:00 AM 34,432 rawwan.sys
08/10/2004 05:00 AM 16,512 raspti.sys
08/10/2004 05:00 AM 13,952 cbidf2k.sys
08/10/2004 05:00 AM 18,688 cdaudio.sys
08/10/2004 05:00 AM 8,832 rasacd.sys
08/10/2004 05:00 AM 21,376 tsbvcap.sys
08/10/2004 05:00 AM 17,792 ptilink.sys
08/10/2004 05:00 AM 262,528 cinemst2.sys
08/10/2004 05:00 AM 51,712 tosdvd.sys
08/10/2004 05:00 AM 11,776 cpqdap01.sys
08/10/2004 05:00 AM 2,944 null.sys
08/10/2004 05:00 AM 11,648 acpiec.sys
08/10/2004 05:00 AM 12,032 ws2ifsl.sys
08/10/2004 05:00 AM 7,936 fs_rec.sys
08/10/2004 05:00 AM 6,784 parvdm.sys
08/10/2004 05:00 AM 4,224 mnmdd.sys
08/10/2004 05:00 AM 3,456 oprghdlr.sys
08/10/2004 05:00 AM 55,936 nwlnkspx.sys
08/10/2004 05:00 AM 5,888 dmload.sys
08/10/2004 05:00 AM 63,232 nwlnknb.sys
08/10/2004 05:00 AM 32,512 nwlnkfwd.sys
08/10/2004 05:00 AM 12,416 nwlnkflt.sys
08/10/2004 05:00 AM 10,496 dxapi.sys
08/10/2004 05:00 AM 14,592 smclib.sys
08/10/2004 05:00 AM 3,328 dxgthk.sys
08/10/2004 05:00 AM 12,032 nikedrv.sys
08/10/2004 11:39 PM 41,984 DGIVECP.SYS
09/13/2004 09:00 AM 88,960 MidiSyn.sys
01/01/2005 10:16 PM 20,747 AegisP.sys
02/01/2005 07:18 PM 17,992 bcm42rly.sys
02/28/2005 09:01 PM 392,704 senfilt.sys
03/03/2005 08:10 PM 74,496 Rtlnicxp.sys
03/04/2005 04:53 AM 127,872 aeaudio.sys
03/28/2005 09:19 AM 220,992 smwdm.sys
04/24/2005 07:56 PM 889,628 ialmnt5.sys
09/21/2005 08:07 AM <DIR> etc
11/17/2005 06:38 PM 2,048 rt73.bin
11/24/2005 07:51 PM 245,248 rt73.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
10/18/2006 04:00 AM 36,624 pxhelp20.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
11/13/2007 03:25 AM 20,480 secdrv.sys
04/13/2008 09:36 AM 144,384 hdaudbus.sys
04/13/2008 09:39 AM 142,592 aec.sys
04/13/2008 11:31 AM 35,840 processr.sys
04/13/2008 11:31 AM 42,752 p3.sys
04/13/2008 11:31 AM 36,736 crusoe.sys
04/13/2008 11:31 AM 37,376 amdk6.sys
04/13/2008 11:31 AM 36,352 intelppm.sys
04/13/2008 11:31 AM 37,760 amdk7.sys
04/13/2008 11:32 AM 66,048 udfs.sys
04/13/2008 11:32 AM 19,072 msfs.sys
04/13/2008 11:32 AM 30,848 npfs.sys
04/13/2008 11:32 AM 180,608 mrxdav.sys
04/13/2008 11:32 AM 196,224 rdpdr.sys
04/13/2008 11:32 AM 129,792 fltmgr.sys
04/13/2008 11:33 AM 44,544 fips.sys
04/13/2008 11:34 AM 163,584 nwrdr.sys
04/13/2008 11:36 AM 5,888 smbali.sys
04/13/2008 11:36 AM 187,776 acpi.sys
04/13/2008 11:36 AM 42,368 agp440.sys
04/13/2008 11:36 AM 42,752 alim1541.sys
04/13/2008 11:36 AM 43,008 amdagp.sys
04/13/2008 11:36 AM 40,960 sisagp.sys
04/13/2008 11:36 AM 44,928 agpcpq.sys
04/13/2008 11:36 AM 44,672 uagp35.sys
04/13/2008 11:36 AM 42,240 viaagp.sys
04/13/2008 11:36 AM 46,464 gagp30kx.sys
04/13/2008 11:36 AM 37,248 isapnp.sys
04/13/2008 11:36 AM 63,744 mf.sys
04/13/2008 11:36 AM 120,192 pcmcia.sys
04/13/2008 11:36 AM 79,232 sdbus.sys
04/13/2008 11:36 AM 68,224 pci.sys
04/13/2008 11:36 AM 15,488 mssmbios.sys
04/13/2008 11:36 AM 73,472 sr.sys
04/13/2008 11:38 AM 71,168 dxg.sys
04/13/2008 11:39 AM 92,544 mqac.sys
04/13/2008 11:39 AM 384,768 update.sys
04/13/2008 11:39 AM 42,368 mountmgr.sys
04/13/2008 11:39 AM 23,040 mouclass.sys
04/13/2008 11:39 AM 24,576 kbdclass.sys
04/13/2008 11:39 AM 14,592 kbdhid.sys
04/13/2008 11:39 AM 5,376 mspclock.sys
04/13/2008 11:39 AM 4,992 mspqm.sys
04/13/2008 11:39 AM 7,552 mskssrv.sys
04/13/2008 11:39 AM 4,352 swenum.sys
04/13/2008 11:40 AM 80,128 parport.sys
04/13/2008 11:40 AM 15,744 serenum.sys
04/13/2008 11:40 AM 27,392 fdc.sys
04/13/2008 11:40 AM 20,480 flpydisk.sys
04/13/2008 11:40 AM 57,600 redbook.sys
04/13/2008 11:40 AM 24,960 pciidex.sys
04/13/2008 11:40 AM 5,504 intelide.sys
04/13/2008 11:40 AM 96,512 atapi.sys
04/13/2008 11:40 AM 96,384 scsiport.sys
04/13/2008 11:40 AM 14,208 diskdump.sys
04/13/2008 11:40 AM 62,976 cdrom.sys
04/13/2008 11:40 AM 11,008 sffp_sd.sys
04/13/2008 11:40 AM 11,904 sffdisk.sys
04/13/2008 11:40 AM 36,352 disk.sys
04/13/2008 11:40 AM 10,240 sffp_mmc.sys
04/13/2008 11:40 AM 11,392 sfloppy.sys
04/13/2008 11:40 AM 19,712 partmgr.sys
04/13/2008 11:40 AM 14,976 tape.sys
04/13/2008 11:40 AM 42,112 imapi.sys
04/13/2008 11:41 AM 52,352 volsnap.sys
04/13/2008 11:43 AM 12,672 mutohpen.sys
04/13/2008 11:43 AM 14,208 wacompen.sys
04/13/2008 11:44 AM 81,664 videoprt.sys
04/13/2008 11:44 AM 20,992 vga.sys
04/13/2008 11:44 AM 153,344 dmio.sys
04/13/2008 11:44 AM 799,744 dmboot.sys
04/13/2008 11:45 AM 52,864 dmusic.sys
04/13/2008 11:45 AM 6,272 splitter.sys
04/13/2008 11:45 AM 172,416 kmixer.sys
04/13/2008 11:45 AM 56,576 swmidi.sys
04/13/2008 11:45 AM 2,944 drmkaud.sys
04/13/2008 11:45 AM 60,160 drmk.sys
04/13/2008 11:45 AM 49,408 stream.sys
04/13/2008 11:45 AM 24,960 hidparse.sys
04/13/2008 11:45 AM 36,864 hidclass.sys
04/13/2008 11:45 AM 19,200 hidir.sys
04/13/2008 11:45 AM 10,368 hidusb.sys
04/13/2008 11:45 AM 46,592 irbus.sys
04/13/2008 11:45 AM 15,104 usbscan.sys
04/13/2008 11:45 AM 20,608 usbuhci.sys
04/13/2008 11:45 AM 30,208 usbehci.sys
04/13/2008 11:45 AM 143,872 usbport.sys
04/13/2008 11:45 AM 59,520 usbhub.sys
04/13/2008 11:45 AM 26,368 usbstor.sys
04/13/2008 11:45 AM 32,128 usbccgp.sys
04/13/2008 11:45 AM 25,600 usbcamd.sys
04/13/2008 11:45 AM 25,728 usbcamd2.sys
04/13/2008 11:45 AM 15,872 usbintel.sys
04/13/2008 11:46 AM 25,344 sonydcam.sys
04/13/2008 11:46 AM 121,984 usbvideo.sys
04/13/2008 11:46 AM 18,944 bthusb.sys
04/13/2008 11:46 AM 25,600 hidbth.sys
04/13/2008 11:46 AM 36,480 bthprint.sys
04/13/2008 11:46 AM 59,136 rfcomm.sys
04/13/2008 11:46 AM 37,888 bthmodem.sys
04/13/2008 11:46 AM 17,024 bthenum.sys
04/13/2008 11:47 AM 25,856 usbprint.sys
04/13/2008 11:51 AM 61,824 nic1394.sys
04/13/2008 11:51 AM 59,904 atmarpc.sys
04/13/2008 11:51 AM 60,800 arp1394.sys
04/13/2008 11:51 AM 55,808 atmlane.sys
04/13/2008 11:51 AM 101,120 bthpan.sys
04/13/2008 11:53 AM 40,320 nmnt.sys
04/13/2008 11:53 AM 71,552 bridge.sys
04/13/2008 11:53 AM 36,608 ip6fw.sys
04/13/2008 11:54 AM 11,264 irenum.sys
04/13/2008 11:55 AM 14,592 ndisuio.sys
04/13/2008 11:56 AM 12,288 tunmp.sys
04/13/2008 11:56 AM 34,688 netbios.sys
04/13/2008 11:56 AM 88,320 nwlnkipx.sys
04/13/2008 11:56 AM 35,072 msgpc.sys
04/13/2008 11:56 AM 69,120 psched.sys
04/13/2008 11:56 AM 12,800 usb8023x.sys
04/13/2008 11:56 AM 30,592 rndismpx.sys
04/13/2008 11:56 AM 30,592 rndismp.sys
04/13/2008 11:56 AM 12,800 usb8023.sys
04/13/2008 11:57 AM 20,864 ipinip.sys
04/13/2008 11:57 AM 152,832 ipnat.sys
04/13/2008 11:57 AM 34,560 wanarp.sys
04/13/2008 11:57 AM 10,112 ndistapi.sys
04/13/2008 11:57 AM 14,336 asyncmac.sys
04/13/2008 11:57 AM 40,576 ndproxy.sys
04/13/2008 11:57 AM 41,472 raspppoe.sys
04/13/2008 12:00 PM 19,072 tdi.sys
04/13/2008 12:00 PM 30,080 modem.sys
04/13/2008 12:14 PM 63,744 cdfs.sys
04/13/2008 12:14 PM 143,744 fastfat.sys
04/13/2008 12:15 PM 64,512 serial.sys
04/13/2008 12:15 PM 574,976 ntfs.sys
04/13/2008 12:15 PM 60,800 sysaudio.sys
04/13/2008 12:16 PM 49,536 classpnp.sys
04/13/2008 12:16 PM 141,056 ks.sys
04/13/2008 12:17 PM 105,344 mup.sys
04/13/2008 12:17 PM 83,072 wdmaud.sys
04/13/2008 12:18 PM 52,480 i8042prt.sys
04/13/2008 12:19 PM 146,048 portcls.sys
04/13/2008 12:19 PM 75,264 ipsec.sys
04/13/2008 12:19 PM 51,328 rasl2tp.sys
04/13/2008 12:19 PM 48,384 raspptp.sys
04/13/2008 12:20 PM 182,656 ndis.sys
04/13/2008 12:20 PM 91,520 ndiswan.sys
04/13/2008 12:21 PM 162,816 netbt.sys
04/13/2008 12:28 PM 175,744 rdbss.sys
04/13/2008 05:11 PM 3,647 adv07nt5.dll
04/13/2008 05:11 PM 3,135 adv08nt5.dll
04/13/2008 05:11 PM 3,615 adv05nt5.dll
04/13/2008 05:11 PM 4,255 adv01nt5.dll
04/13/2008 05:11 PM 3,967 adv02nt5.dll
04/13/2008 05:11 PM 3,775 adv11nt5.dll
04/13/2008 05:11 PM 3,711 adv09nt5.dll
04/13/2008 05:11 PM 17,279 atv10nt5.dll
04/13/2008 05:11 PM 14,143 atv06nt5.dll
04/13/2008 05:11 PM 21,183 atv01nt5.dll
04/13/2008 05:11 PM 11,359 atv02nt5.dll
04/13/2008 05:11 PM 25,471 atv04nt5.dll
04/13/2008 05:11 PM 15,423 ch7xxnt5.dll
04/13/2008 05:12 PM 3,901 siint5.dll
04/13/2008 05:12 PM 11,325 vchnt5.dll
04/13/2008 05:13 PM 12,040 tdpipe.sys
04/13/2008 05:13 PM 40,840 termdd.sys
04/13/2008 05:13 PM 21,896 tdtcp.sys
04/13/2008 05:13 PM 139,656 rdpwd.sys
05/08/2008 07:02 AM 203,136 rmcast.sys
06/13/2008 04:05 AM 272,128 bthport.sys
06/20/2008 04:51 AM 361,600 tcpip.sys
08/14/2008 03:04 AM 138,496 afd.sys
02/13/2009 12:17 PM 45,416 avgntdd.sys
02/13/2009 12:29 PM 22,360 avgntmgr.sys
03/25/2009 06:29 AM 130,432 Rtnicxp.sys
03/30/2009 10:33 AM 96,104 avipbb.sys
05/11/2009 10:12 AM 28,520 ssmdrv.sys
06/24/2009 04:18 AM 92,928 ksecdd.sys
08/26/2009 10:40 PM 21,568 HPZius12.sys
08/26/2009 10:41 PM 16,496 HPZipr12.sys
08/26/2009 10:41 PM 49,920 HPZid412.sys
09/08/2009 09:33 AM <DIR> disdn
10/20/2009 09:20 AM 265,728 http.sys
11/25/2009 12:19 PM 56,816 avgntflt.sys
12/31/2009 09:50 AM 353,792 srv.sys
02/11/2010 05:02 AM 226,880 tcpip6.sys
02/24/2010 06:11 AM 455,680 mrxsmb.sys
04/05/2010 09:45 PM <DIR> UMDF
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
05/21/2010 11:20 AM <DIR> .
05/21/2010 11:20 AM <DIR> ..
297 File(s) 29,109,559 bytes
5 Dir(s) 135,971,717,120 bytes free
Virtual drives found?
Environment variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINTEC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\WINTEC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=WINTEC
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
Stealth malware?
Internet Explorer
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
Default_Secondary_Page_URL REG_MULTI_SZ \0\0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
IEWatsonDisable REG_DWORD 0x1
BigBitmap REG_SZ custom\38vrzn_static.bmp
SmallBitmap REG_SZ custom\22vrzn_static.bmp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
SecureProtocols REG_DWORD 0xa0
PrivDiscUiShown REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
WarnOnIntranet REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
DisableIDNPrompt REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x1
MaxConnectionsPerServer REG_DWORD 0xa
MaxConnectionsPer1_0Server REG_DWORD 0xa
ProxyOverride REG_SZ *.local
SyncMode5 REG_DWORD 0x4
GlobalUserOffline REG_DWORD 0x0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable script Debugger REG_SZ yes
Search Page REG_SZ
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ no
SearchMigrated REG_DWORD 0x1
SearchMigratedDefaultName REG_SZ Yahoo! Search
SearchMigratedDefaultURL REG_SZ http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NoUpdateCheck REG_DWORD 0x1
NscSingleExpand REG_DWORD 0x0
DisablescriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Page_Transitions REG_DWORD 0x1
FavIntelliMenus REG_SZ no
Enable Browser Extensions REG_SZ yes
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
NotifyDownloadComplete REG_SZ yes
AllowWindowReuse REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Play_Animations REG_SZ yes
Play_Background_Sounds REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
AutoSearch REG_DWORD 0x4
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3A0100000D000000B7030000D7020000
CompatibilityFlags REG_DWORD 0x0
SearchMigratedInstalled REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Start Page REG_SZ http://www.google.com/
FormSuggest PW Ask REG_SZ no
Use FormSuggest REG_SZ no
AutoHide REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
StatusBarWeb REG_DWORD 0x0
Friendly http errors REG_SZ no
SmoothScroll REG_DWORD 0x0
Use StyleSheets REG_SZ yes
Use Search Asst REG_SZ
Search Bar REG_SZ
SearchAssistant REG_SZ
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\QuickComplete
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
Security Center