Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Antivirus not working

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Antivirus not working

Unread postby Longbow1202 » August 17th, 2008, 12:18 am

my computer was running fine until i tried to install a driver for a dell photo 966 printer. It didnt let me install the driver, and now my antivirus (nod32) wont start, i keep recieving win32 errors whenever i try to start it or uninstall it. Also b4 i knew that there was any problems i tried to update my firefox. It did not let me install it properly and now i cannot remove it or run it so im stuck using internet explorer.
here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:17 AM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Dwm.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0L043LA\R145450[1].exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC92951-DF82-406D-AABD-13A0F6535488}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC92951-DF82-406D-AABD-13A0F6535488}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC92951-DF82-406D-AABD-13A0F6535488}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5092 bytes


Thanks alot
Juan
Longbow1202
Active Member
 
Posts: 6
Joined: August 17th, 2008, 12:09 am
Advertisement
Register to Remove

Re: Antivirus not working

Unread postby MikeSwim07 » August 20th, 2008, 8:43 pm

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby MikeSwim07 » August 21st, 2008, 7:49 am

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

You must go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you do not wish to remove your P2P programs, please tell me and this topic will be closed.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby Longbow1202 » August 21st, 2008, 9:25 am

here is my uninstall list
and i removed bittorrent
AC3Filter (remove only)
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
CloneDVD2
Comcast High-Speed Internet Install Wizard
Dell Photo AIO Printer 966
DFX 8 for Windows Media Player
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ESET NOD32 Antivirus
GTA2
HijackThis 2.0.2
Hitman Blood Money
iTunes
J2SE Runtime Environment 5.0 Update 3
Microsoft Office Professional Edition 2003
Mozilla Firefox (3.0.1)
Neverwinter Nights 2
NVIDIA Drivers
QuickTime
RCT3 Soaked
Realtek AC'97 Audio
Realtek High Definition Audio Driver
RollerCoaster Tycoon® 3
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
SimCity 4
SKTT IMT-2000 Handset Software
Spybot - Search & Destroy
Trillian Pro 3.1 Build 121
Viewpoint Media Player
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 11.1
World of Warcraft
Longbow1202
Active Member
 
Posts: 6
Joined: August 17th, 2008, 12:09 am

Re: Antivirus not working

Unread postby MikeSwim07 » August 22nd, 2008, 7:32 am

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please post this log and a new Hijackthis log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby Longbow1202 » August 22nd, 2008, 4:20 pm

The first time i downloaded the program fine and i installed the program fine but when i ran it it gave me a run-time error "339"
component "vbalsgrid6.ocx" or one of its dependencies is not correctly registered: a file is missing or invalid
.
I tried uninstalling it and it wont let me( it gives me the error unable to execute the file in the temporary directory setup aborted error:193 %1 is not valid win32 application). I tried dowloading the file again and it would give me the runtime error again. I tried downloading the file on safe mode and it worked but when i installed the program it gave me the same runtime error again. What should i do?
Longbow1202
Active Member
 
Posts: 6
Joined: August 17th, 2008, 12:09 am

Re: Antivirus not working

Unread postby MikeSwim07 » August 22nd, 2008, 5:53 pm

Thanks for the info, I will ask the creator about this. In the meantime, please do this:

Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby Longbow1202 » August 22nd, 2008, 10:28 pm

The malware is preventing me from doing a scan. Its messing with the java app and the scan wont work.
Also if this is any help when my computer first starts up (when started up normally not in safe mode) 2 or more command prompt windows (idk what they are called, the black squares) but they are blank and after a couple of seconds they disappear. I managed to write a couple of them down c\: progra-1\dellph~1\memcard.exe and c:\progra-1\dellph~1\dlcqmon.exe. what should i do?

ps: i also tried and failed to run the scan in safe mode+ networking
Longbow1202
Active Member
 
Posts: 6
Joined: August 17th, 2008, 12:09 am

Re: Antivirus not working

Unread postby MikeSwim07 » August 23rd, 2008, 8:39 am

Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.

OTScanIt

  • Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  • Double click on OTScanIt.exe to run it.
  • Click on Extract. Once done, you will be prompted. Click OK and click Close.
  • Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  • Under Drivers section, select Non-Microsoft.
  • Click on the Run Scan button at the top left hand corner.
  • OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Eset Online Scan

Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log

Please post both of those logs on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby Longbow1202 » August 23rd, 2008, 2:02 pm

i did manage the otscan:
Code: Select all
OTScanIt logfile created on: 8/23/2008 1:48:12 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Users\Administrator\Downloads\OTScanIt
Windows Vista   (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16643)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.55% Memory free
4.00 Gb Paging File | 3.27 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): ?:\pagefile.sys;
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.10 Gb Total Space | 206.94 Gb Free Space | 69.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.83 Gb Total Space | 77.43 Gb Free Space | 33.26% Space Free | Partition Type: FAT32

Computer Name: USER-PC
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/18/2008 1:25:16 PM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr =    ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 6, 0, 0, 4 | Size = 598016 bytes | Modified Date = 3/9/2007 8:28:02 PM | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =    ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/2/2008 9:52:30 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Downloads\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 8/18/2008 1:25:16 PM | Attr =    ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 7/9/2007 10:31:16 PM | Attr =    ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr =    ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> ESET [Ver = 3.0.667  | Size = 19200 bytes | Modified Date = 6/10/2008 6:59:18 PM | Attr =    ]
(ekrn) Eset Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\ekrn.exe -> ESET [Ver = 3.0.667  | Size = 468224 bytes | Modified Date = 6/10/2008 6:53:54 PM | Attr =    ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr =    ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 12 | Size = 809296 bytes | Modified Date = 7/7/2008 9:42:02 AM | Attr =    ]
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(wuauserv) wuauserv [Win32_Shared | Unknown | Stopped] -> %systemroot%\system32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 420968 bytes | Modified Date = 11/2/2006 5:51:38 AM | Attr =    ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.0 (1.060824-1234) | Size = 297576 bytes | Modified Date = 11/2/2006 5:51:32 AM | Attr =    ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.051018-1332) | Size = 98408 bytes | Modified Date = 11/2/2006 5:50:35 AM | Attr =    ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.1.000.000 (NT.060302-2137) | Size = 147048 bytes | Modified Date = 11/2/2006 5:51:00 AM | Attr =    ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 11/2/2006 5:50:11 AM | Attr =    ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVAC.SYS -> Realtek Semiconductor Corp. [Ver = 6.0.1.6285 built by: WinDDK | Size = 4137312 bytes | Modified Date = 3/25/2008 9:15:30 PM | Attr =    ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 14952 bytes | Modified Date = 11/2/2006 5:49:20 AM | Attr =    ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.1.0.6789 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 5:50:09 AM | Attr =    ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.1.0.6790 (NT.060726-2054) | Size = 67688 bytes | Modified Date = 11/2/2006 5:50:10 AM | Attr =    ]
(blbdrive) blbdrive [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\blbdrive.sys -> File not found
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 11/2/2006 4:24:45 AM | Attr =    ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 11/2/2006 4:24:46 AM | Attr =    ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 11/2/2006 4:25:24 AM | Attr =    ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 11/2/2006 4:24:44 AM | Attr =    ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 11/2/2006 4:24:44 AM | Attr =    ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 11/2/2006 4:24:47 AM | Attr =    ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] ->  -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (vista_rtm.061101-2205) | Size = 16488 bytes | Modified Date = 11/2/2006 5:49:28 AM | Attr =    ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.1.37.2 built by: WinDDK | Size = 117760 bytes | Modified Date = 11/2/2006 3:30:54 AM | Attr =    ]
(eamon) eamon [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\eamon.sys -> ESET [Ver = 3.0.667  | Size = 39944 bytes | Modified Date = 6/10/2008 6:47:42 PM | Attr =    ]
(easdrv) easdrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\easdrv.sys -> ESET [Ver = 3.0.667  | Size = 53256 bytes | Modified Date = 6/10/2008 6:48:38 PM | Attr =    ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 1 | Size = 15440 bytes | Modified Date = 12/13/2006 7:41:53 PM | Attr =    ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 12/13/2006 7:41:48 PM | Attr =    ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.20M8 9/14/2006 WS2K3 32 bit (NT.060909-1739) | Size = 316520 bytes | Modified Date = 11/2/2006 5:51:34 AM | Attr =    ]
(epfwtdir) epfwtdir [Kernel | System | Running] -> %SystemRoot%\System32\drivers\epfwtdir.sys ->  [Ver =  | Size = 34312 bytes | Modified Date = 6/10/2008 6:56:10 PM | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr =    ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 4 (x86) (NT.060726-2054) | Size = 37480 bytes | Modified Date = 11/2/2006 5:50:10 AM | Attr =    ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1015 | Size = 232040 bytes | Modified Date = 11/2/2006 5:51:25 AM | Attr =    ]
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 11/2/2006 5:50:17 AM | Attr =    ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 5:50:07 AM | Attr =    ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 11/2/2006 5:50:09 AM | Attr =    ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 5:50:04 AM | Attr =    ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 5:50:05 AM | Attr =    ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.23.24.03 (NT.060824-1234) | Size = 65640 bytes | Modified Date = 11/2/2006 5:50:10 AM | Attr =    ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Logic Corporation [Ver = 2.4.0.32 (NT.060824-1234) | Size = 28776 bytes | Modified Date = 11/2/2006 5:49:53 AM | Attr =    ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 11/2/2006 5:49:59 AM | Attr =    ]
(netrcacm) RCA USB Digital Cable Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\netrcacm.sys -> Thomson Inc. [Ver = 30.2.24.0 | Size = 20648 bytes | Modified Date = 1/20/2003 11:50:36 AM | Attr =    ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 11/2/2006 5:50:19 AM | Attr =    ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 11/2/2006 3:36:50 AM | Attr =    ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nvmfdx32.sys -> NVIDIA Corporation [Ver = 1.00.01.06574 | Size = 1065384 bytes | Modified Date = 5/3/2007 6:29:10 PM | Attr =    ]
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nvlddmkm.sys -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 7568832 bytes | Modified Date = 7/6/2007 8:15:00 PM | Attr =    ]
(nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0824 built by: WinDDK | Size = 86096 bytes | Modified Date = 1/5/2007 9:59:34 PM | Attr =    ]
(nvrd32) NVIDIA nForce RAID Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\nvrd32.sys -> NVIDIA Corporation [Ver = 5.10.2600.0995 built by: WinDDK | Size = 131616 bytes | Modified Date = 7/3/2007 12:37:10 AM | Attr =    ]
(nvstor) nvstor [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0824 built by: WinDDK | Size = 35920 bytes | Modified Date = 1/5/2007 9:59:42 PM | Attr =    ]
(nvstor32) nvstor32 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\nvstor32.sys -> NVIDIA Corporation [Ver = 5.10.2600.0995 built by: WinDDK | Size = 110112 bytes | Modified Date = 7/3/2007 12:37:08 AM | Attr =    ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes | Modified Date = 11/1/2007 5:14:10 PM | Attr =    ]
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.2.6 (w32) | Size = 900712 bytes | Modified Date = 11/2/2006 5:51:45 AM | Attr =    ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 11/2/2006 5:50:35 AM | Attr =    ]
(RT61) Gigabyte RT61 Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.03.0000 | Size = 356096 bytes | Modified Date = 10/27/2005 3:06:30 AM | Attr =    ]
(rt61x86) Gigabyte RT61 Wireless Driver for Windows Vista [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\netr61.sys -> Ralink Technology Corp. [Ver = 2.00.04.0000 built by: WinDDK | Size = 357376 bytes | Modified Date = 5/11/2007 5:28:30 PM | Attr =    ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/2/2006 2:37:21 AM | Attr =    ]
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> Silicon Integrated Systems Corp. [Ver = 2.05.12 (NT.060926-1359) | Size = 38504 bytes | Modified Date = 11/2/2006 5:50:10 AM | Attr =    ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.060726-2054) | Size = 71784 bytes | Modified Date = 11/2/2006 5:50:16 AM | Attr =    ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sptd.sys ->  [Ver =  | Size = 717296 bytes | Modified Date = 5/18/2008 4:21:30 PM | Attr =    ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 11/2/2006 5:50:05 AM | Attr =    ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 11/2/2006 5:49:56 AM | Attr =    ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 11/2/2006 5:50:03 AM | Attr =    ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.300 | Size = 235112 bytes | Modified Date = 11/2/2006 5:51:25 AM | Attr =    ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver =  1.1.0.31 | Size = 98408 bytes | Modified Date = 11/2/2006 5:50:35 AM | Attr =    ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver =  1.0.0.38 | Size = 115816 bytes | Modified Date = 11/2/2006 5:50:45 AM | Attr =    ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 3:09:14 PM | Attr =    ]
(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\usbscan.sys -> File not found
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 17512 bytes | Modified Date = 11/2/2006 5:49:30 AM | Attr =    ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.5600,613 | Size = 112232 bytes | Modified Date = 11/2/2006 5:50:41 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr =    ]
dlcqmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 966\dlcqmon.exe ["C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"] ->  [Ver =  | Size = 292336 bytes | Modified Date = 1/12/2007 12:21:24 PM | Attr =    ]
egui -> %ProgramFiles%\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] ->  [Ver =  | Size = 1447168 bytes | Modified Date = 6/10/2008 6:52:30 PM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr =    ]
MemoryCardManager -> %ProgramFiles%\Dell Photo AIO Printer 966\memcard.exe ["C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"] ->  [Ver =  | Size = 304008 bytes | Modified Date = 12/12/2006 3:22:12 AM | Attr =    ]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 8466432 bytes | Modified Date = 7/6/2007 8:15:00 PM | Attr =    ]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 81920 bytes | Modified Date = 7/6/2007 8:15:00 PM | Attr =    ]
NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.6222 | Size = 86016 bytes | Modified Date = 7/6/2007 8:15:00 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr =    ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 6, 0, 0, 4 | Size = 598016 bytes | Modified Date = 3/9/2007 8:28:02 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] ->  [Ver =  | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2923520 bytes | Modified Date = 11/15/2007 4:04:01 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 24576 bytes | Modified Date = 11/2/2006 5:45:50 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 11315200 bytes | Modified Date = 8/29/2007 3:03:11 AM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 238080 bytes | Modified Date = 11/2/2006 5:44:42 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
TORiSAN CD-ROM CDR_C36 ->  -> File not found
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 67072 bytes | Modified Date = 11/2/2006 4:51:44 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLITE-ON_DVDRW_LH-20A1P__________________KL05____\5&6312091&0&0.1.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_BA2450B&Prod_NUM099Y&Rev_1.01\5&36e5972&0&000000 -> 
< Drives - Autoruns > ->  -> 
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] ->  [Ver =  | Size = 24 bytes | Modified Date = 9/18/2006 5:43:36 PM | Attr =    ]
autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ] -> I:\autorun.inf [ FAT32 ] ->  [Ver =  | Size = 36 bytes | Modified Date = 11/15/2005 11:08:04 AM | Attr =  H ]
< HOSTS File > (259259 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> 
::1             localhost -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4742 domain(s) found. -> 
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4742 domain(s) found. -> 
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1AC92951-DF82-406D-AABD-13A0F6535488} -> 205.171.3.65,205.171.2.65   (NVIDIA nForce Networking Controller) -> 
{20557D96-637F-4B8F-A08C-443001D1980D} ->    (RCA USB Cable Modem) -> 
{259FB320-A56B-4E8B-A55F-A9056B59B79A} ->    (Gigabyte GN-WP01GS PCI WLAN Card(Turbo)) -> 
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
ldap -> 4 = Restricted sites (Not a Default Protocol) -> 
news -> 4 = Restricted sites (Not a Default Protocol) -> 
nntp -> 4 = Restricted sites (Not a Default Protocol) -> 
oecmd -> 4 = Restricted sites (Not a Default Protocol) -> 
snews -> 4 = Restricted sites (Not a Default Protocol) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/avsniffdlgs.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/ecmldr32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 



[Files/Folders - Created Within 30 days]
dell -> %SystemDrive%\dell ->  [Folder | Created Date = 8/16/2008 11:06:39 PM | Attr =    ]
found.000 -> %SystemDrive%\found.000 ->  [Folder | Created Date = 8/16/2008 6:45:46 PM | Attr =  HS]
found.001 -> %SystemDrive%\found.001 ->  [Folder | Created Date = 8/17/2008 8:05:26 PM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2146877440 bytes | Created Date = 8/22/2008 8:17:13 PM | Attr =  HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 9:59:56 AM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/22/2008 9:59:56 AM | Attr =    ]
dlcq.loc -> %SystemRoot%\System32\dlcq.loc ->  [Ver =  | Size = 2069 bytes | Created Date = 8/16/2008 11:09:02 PM | Attr =    ]
DLCQcfg.dll -> %SystemRoot%\System32\DLCQcfg.dll ->  [Ver = 1, 0, 0, 1 | Size = 77824 bytes | Created Date = 8/16/2008 11:09:02 PM | Attr =    ]
dlcqcfg.exe -> %SystemRoot%\System32\dlcqcfg.exe ->  [Ver =  | Size = 381832 bytes | Created Date = 8/16/2008 11:09:11 PM | Attr =    ]
dlcqcomc.dll -> %SystemRoot%\System32\dlcqcomc.dll ->   [Ver = 99.99.99.99 | Size = 684032 bytes | Created Date = 8/16/2008 11:09:19 PM | Attr =    ]
dlcqcomm.dll -> %SystemRoot%\System32\dlcqcomm.dll ->   [Ver = 99.99.99.99 | Size = 421888 bytes | Created Date = 8/16/2008 11:09:54 PM | Attr =    ]
dlcqcoms.exe -> %SystemRoot%\System32\dlcqcoms.exe ->  [Ver =  | Size = 537480 bytes | Created Date = 8/16/2008 11:10:05 PM | Attr =    ]
dlcqcu.dll -> %SystemRoot%\System32\dlcqcu.dll ->  [Ver = 0.0.7.0 | Size = 73728 bytes | Created Date = 8/16/2008 11:10:13 PM | Attr =    ]
dlcqcub.dll -> %SystemRoot%\System32\dlcqcub.dll ->  [Ver = 0.0.7.0 | Size = 86016 bytes | Created Date = 8/16/2008 11:10:13 PM | Attr =    ]
dlcqcur.dll -> %SystemRoot%\System32\dlcqcur.dll ->  [Ver = 0.0.7.0 | Size = 36864 bytes | Created Date = 8/16/2008 11:10:13 PM | Attr =    ]
dlcqgf.dll -> %SystemRoot%\System32\dlcqgf.dll ->  [Ver =  | Size = 983121 bytes | Created Date = 8/16/2008 11:10:13 PM | Attr =    ]
dlcqgrd.dll -> %SystemRoot%\System32\dlcqgrd.dll ->  [Ver = 1, 0, 0, 1 | Size = 188416 bytes | Created Date = 8/16/2008 11:10:20 PM | Attr =    ]
dlcqhbn3.dll -> %SystemRoot%\System32\dlcqhbn3.dll ->   [Ver = 99.99.99.99 | Size = 696320 bytes | Created Date = 8/16/2008 11:10:27 PM | Attr =    ]
DLCQhcp.dll -> %SystemRoot%\System32\DLCQhcp.dll ->   [Ver = 99.99.99.99 | Size = 323584 bytes | Created Date = 8/16/2008 11:33:29 PM | Attr =    ]
dlcqhelp.chm -> %SystemRoot%\System32\dlcqhelp.chm ->  [Ver =  | Size = 1000116 bytes | Created Date = 8/16/2008 11:10:37 PM | Attr =    ]
dlcqiesc.dll -> %SystemRoot%\System32\dlcqiesc.dll ->  [Ver =  | Size = 397312 bytes | Created Date = 8/16/2008 11:11:39 PM | Attr =    ]
dlcqih.exe -> %SystemRoot%\System32\dlcqih.exe ->  [Ver =  | Size = 385928 bytes | Created Date = 8/16/2008 11:10:39 PM | Attr =    ]
dlcqinpa.dll -> %SystemRoot%\System32\dlcqinpa.dll ->  [Ver =  | Size = 413696 bytes | Created Date = 8/16/2008 11:11:41 PM | Attr =    ]
dlcqins.dll -> %SystemRoot%\System32\dlcqins.dll ->  [Ver =  | Size = 176128 bytes | Created Date = 8/16/2008 11:10:40 PM | Attr =    ]
dlcqinsb.dll -> %SystemRoot%\System32\dlcqinsb.dll ->  [Ver = 0.0.7.0 | Size = 176128 bytes | Created Date = 8/16/2008 11:10:41 PM | Attr =    ]
dlcqinsr.dll -> %SystemRoot%\System32\dlcqinsr.dll ->  [Ver = 0.0.7.0 | Size = 106496 bytes | Created Date = 8/16/2008 11:10:41 PM | Attr =    ]
DLCQinst.dll -> %SystemRoot%\System32\DLCQinst.dll ->  [Ver =  | Size = 274432 bytes | Created Date = 8/16/2008 11:11:59 PM | Attr =    ]
dlcqjswr.dll -> %SystemRoot%\System32\dlcqjswr.dll ->  [Ver = 0.0.7.0 | Size = 139264 bytes | Created Date = 8/16/2008 11:10:42 PM | Attr =    ]
dlcqlmpm.dll -> %SystemRoot%\System32\dlcqlmpm.dll ->   [Ver = 99.99.99.99 | Size = 585728 bytes | Created Date = 8/16/2008 11:10:51 PM | Attr =    ]
dlcqpmui.dll -> %SystemRoot%\System32\dlcqpmui.dll ->  [Ver =  | Size = 643072 bytes | Created Date = 8/16/2008 11:10:56 PM | Attr =    ]
dlcqpplc.dll -> %SystemRoot%\System32\dlcqpplc.dll ->   [Ver = 99.99.99.99 | Size = 94208 bytes | Created Date = 8/16/2008 11:11:05 PM | Attr =    ]
dlcqprox.dll -> %SystemRoot%\System32\dlcqprox.dll ->  [Ver =  | Size = 163840 bytes | Created Date = 8/16/2008 11:11:05 PM | Attr =    ]
dlcqserv.dll -> %SystemRoot%\System32\dlcqserv.dll ->   [Ver = 99.99.99.99 | Size = 1224704 bytes | Created Date = 8/16/2008 11:11:14 PM | Attr =    ]
dlcqusb1.dll -> %SystemRoot%\System32\dlcqusb1.dll ->   [Ver = 99.99.99.99 | Size = 991232 bytes | Created Date = 8/16/2008 11:11:22 PM | Attr =    ]
dlcqutil.dll -> %SystemRoot%\System32\dlcqutil.dll ->  [Ver =  | Size = 454656 bytes | Created Date = 8/16/2008 11:11:29 PM | Attr =    ]
LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf ->  [Ver =  | Size = 16741 bytes | Created Date = 8/16/2008 11:12:00 PM | Attr =    ]
wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll ->  [Ver =  | Size = 1811656 bytes | Created Date = 8/21/2008 2:19:20 PM | Attr =    ]
wucltux.dll -> %SystemRoot%\System32\wucltux.dll ->  [Ver =  | Size = 1524736 bytes | Created Date = 8/21/2008 2:19:20 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
dell -> %SystemDrive%\dell ->  [Folder | Modified Date = 8/16/2008 11:06:40 PM | Attr =    ]
found.000 -> %SystemDrive%\found.000 ->  [Folder | Modified Date = 8/16/2008 6:45:46 PM | Attr =  HS]
found.001 -> %SystemDrive%\found.001 ->  [Folder | Modified Date = 8/17/2008 8:05:26 PM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2146877440 bytes | Modified Date = 8/23/2008 1:37:40 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/22/2008 9:59:55 AM | Attr = R  ]
ProgramData -> %AllUsersProfile% ->  [Folder | Modified Date = 8/22/2008 9:59:55 AM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/22/2008 9:55:48 AM | Attr =  HS]
Windows -> %SystemRoot% ->  [Folder | Modified Date = 8/23/2008 1:37:39 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 8/22/2008 10:23:42 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 259259 bytes | Modified Date = 8/18/2008 1:26:00 PM | Attr = R  ]
hosts.20080818-132600.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080818-132600.backup ->  [Ver =  | Size = 259259 bytes | Modified Date = 8/18/2008 1:24:41 PM | Attr = R  ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr =    ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3680 bytes | Modified Date = 8/23/2008 1:37:54 PM | Attr =  H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 ->  [Ver =  | Size = 3680 bytes | Modified Date = 8/23/2008 1:37:54 PM | Attr =  H ]
catroot -> %SystemRoot%\System32\catroot ->  [Folder | Modified Date = 8/21/2008 2:20:45 PM | Attr =    ]
catroot2 -> %SystemRoot%\System32\catroot2 ->  [Folder | Modified Date = 8/21/2008 2:20:44 PM | Attr =    ]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/22/2008 10:23:47 PM | Attr =    ]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 8/21/2008 2:22:38 PM | Attr =    ]
LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf ->  [Ver =  | Size = 16741 bytes | Modified Date = 8/16/2008 11:57:44 PM | Attr =    ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 8/18/2008 5:25:36 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 104662 bytes | Modified Date = 8/16/2008 6:35:01 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 472702 bytes | Modified Date = 8/16/2008 6:35:02 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 570664 bytes | Modified Date = 8/16/2008 6:34:49 PM | Attr =    ]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 8/21/2008 10:21:06 AM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 67584 bytes | Modified Date = 8/23/2008 1:37:47 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 8/18/2008 12:18:47 PM | Attr =   S]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/18/2008 12:18:46 PM | Attr =    ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/18/2008 1:25:41 PM | Attr =  HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 319359944 bytes | Modified Date = 8/23/2008 1:37:39 PM | Attr =    ]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 8/23/2008 1:37:48 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/23/2008 1:47:34 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/23/2008 1:38:02 PM | Attr =  H ]
System32 -> %SystemRoot%\System32 ->  [Folder | Modified Date = 8/21/2008 2:24:53 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/23/2008 1:42:06 PM | Attr =    ]
winsxs -> %SystemRoot%\winsxs ->  [Folder | Modified Date = 8/21/2008 2:24:37 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/23/2008 1:37:52 PM | Attr =  H ]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys ->  [Folder | Modified Date = 7/9/2007 3:25:09 PM | Attr =    ]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 7/7/2007 3:31:55 AM | Attr =    ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/2/2006 9:04:06 AM | Attr =    ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6575 bytes | Modified Date = 8/21/2008 2:25:43 PM | Attr =    ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6575 bytes | Modified Date = 8/21/2008 2:25:43 PM | Attr =    ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 7/9/2007 10:27:26 PM | Attr =    ]
opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 7/9/2007 10:27:26 PM | Attr =    ]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData ->  [Folder | Modified Date = 7/5/2007 11:10:47 AM | Attr =    ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT ->  [Ver =  | Size = 19044 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT ->  [Ver =  | Size = 0 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT ->  [Ver =  | Size = 8760 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT ->  [Ver =  | Size = 12972 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT ->  [Ver =  | Size = 92016 bytes | Modified Date = 8/21/2008 9:25:13 AM | Attr =    ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures ->  [Folder | Modified Date = 7/9/2007 3:25:25 PM | Attr =    ]
Administrator.dat -> C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/19/2002 9:37:27 PM | Attr =    ]
Mcx1.dat -> C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 7/9/2007 3:25:25 PM | Attr =    ]

< End of report >


but when i tried to run the eset scan the activex control wouldnt show up at all and this it what the website said:
Your browser is not supported.
ESET Online Scanner is based on ActiveX technology and requires Microsoft Internet Explorer with enabled ActiveX controls. User has to agree to install ActiveX package signed by ESET.

I also tried running it in Iexplorer and the same thing happened.
Lastly this is one of the random errors i get from time to time without actually doing anything:
Windows media center store update manager has stopped working
Problem signature:
Problem Event Name: APPCRASH
Application Name: mcupdate.EXE
Application Version: 6.0.6000.16386
Application Timestamp: 4549b55f
Fault Module Name: KERNEL32.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bd80
Exception Code: e0434f4d
Exception Offset: 0001b09e
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033
Additional Information 1: 8d13
Additional Information 2: cdca9b1d21d12b77d84f02df48e34311
Additional Information 3: 8d13
Additional Information 4: cdca9b1d21d12b77d84f02df48e34311

This malware for whatever reason stops me from updating many many things (eset nod32, windows deffender, and it stops me from turning on automatic updates from windows)
Longbow1202
Active Member
 
Posts: 6
Joined: August 17th, 2008, 12:09 am

Re: Antivirus not working

Unread postby MikeSwim07 » August 24th, 2008, 8:04 am

Do you still have BitTorrent Installed?

You seem to be missing a lot of essential windows components, which may be causing your issues.

Run sfc /scannow
If you have the XP cd please put it in your cd drive.
  • Stop all running programs and make sure you are at a point in time when letting your computer work for a minute isn't going to be a problem.
  • Get Erunt. With this simple utility you can backup your registry before any changes are made and restore to these saved changes should it become necessary.
  • Make a registry backup with Erunt before continuing. You can also create a restore point for added insurance. (Start > All programs > Acessories > System tools > System Restore)
  • Click Start > run > type in sfc /scannow > Press Enter. This is the system file checker. What it does is scour your system and look for windows system files that are corrupt or missing. If it needs a file off of the XP cd it can grab it if you have the XP CD. If you DON'T have the XP cd all is not quite lost yet. We can try restoring system files from your computer's dllcache (which would possibly require a registry change).
  • After this process is complete you may need to reboot.
Note: If you are a power user using registry tweaks, you will likely have to reapply those tweaks after the scan is complete.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby MikeSwim07 » August 27th, 2008, 9:02 pm

Do you need help?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Antivirus not working

Unread postby NonSuch » August 31st, 2008, 4:25 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware