
IE autoopens and goes to random pages.


  • This topic is locked
2 replies to this topic

#1 zinoy


Posted 23 June 2010 - 11:20 AM

Hello,

I have a Windows 7 machine on which IE will auto-launch and go to random pages like redorbit.com and buddytv.com.

I have run Malwarebytes, SUPERAntiSpyware, and McAfee 8.7, and while they have found things, mostly cookies, the random popup still happens every hour or so. Weird thing is, I use Firefox, not IE.

Any suggestions? Thank you in advance.

CODE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4225

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/22/2010 11:10:56 AM
mbam-log-2010-06-22 (11-10-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 316849
Time elapsed: 37 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


CODE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/23/2010 at 00:59 AM

Application Version : 4.39.1002

Core Rules Database Version : 5108
Trace Rules Database Version: 2920

Scan type       : Complete Scan
Total Scan Time : 00:33:59

Memory items scanned      : 1145
Memory threats detected   : 0
Registry items scanned    : 12521
Registry threats detected : 0
File items scanned        : 44200
File threats detected     : 41

Adware.Tracking Cookie
    C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Cookies\portilla@atdmt[2].txt
    C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Cookies\portilla@ad.yieldmanager[2].txt
    C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Cookies\portilla@statcounter[2].txt
    C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Cookies\portilla@atdmt[5].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@ad.yieldmanager[2].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@avgtechnologies.112.2o7[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@interclick[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@microsoftwindows.112.2o7[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@atdmt[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@fastclick[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@microsoftsto.112.2o7[1].txt
    C:\Users\ntapadmin\AppData\Roaming\Microsoft\Windows\Cookies\Low\ntapadmin@msnportal.112.2o7[1].txt
    webstat.pge.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    webstat.pge.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .dominionenterprises.112.2o7.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .2o7.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .2o7.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .clickaider.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .dmtracker.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .revsci.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .revsci.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .revsci.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .revsci.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .paypal.112.2o7.net [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .stats.paypal.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    .e-2dj6wclookcpkgo.stats.esomniture.com [ C:\Users\portilla\AppData\Roaming\Mozilla\Firefox\Profiles\q7ovwril.default\cookies.sqlite ]
    convoad.technoratimedia.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBY5WRVV ]
    media1.break.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBY5WRVV ]
    secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBY5WRVV ]
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluestreak[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[2].txt


CODE
OTL logfile created on: 6/23/2010 7:31:00 AM - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Users\portilla\Downloads
Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 4452 4452 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 118.93 Gb Total Space | 46.47 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 234.78 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PORTILLA-L7
Current User Name: portilla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010/06/23 07:30:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\portilla\Downloads\OTL.exe
PRC - [2010/06/17 22:55:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/05/07 05:36:08 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/04/18 21:00:34 | 001,048,576 | ---- | M] (Xmarks.com) -- C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
PRC - [2010/03/10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/03/10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/03/10 14:35:40 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/03/03 03:20:00 | 000,075,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\portilla\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/29 22:22:52 | 002,781,184 | ---- | M] (SoundGraph, Inc.) -- C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 20:07:00 | 000,011,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
PRC - [2009/10/20 20:32:00 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/10/20 20:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/10/19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/28 23:01:01 | 000,044,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
PRC - [2009/09/28 23:00:59 | 000,216,912 | ---- | M] (Microsoft Corporation) -- C:\Users\portilla\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe
PRC - [2009/09/28 23:00:44 | 001,315,152 | ---- | M] (Microsoft Corporation) -- C:\Users\portilla\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
PRC - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/09/02 11:18:22 | 000,166,400 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/08/07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/14 15:15:36 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 20:12:06 | 000,337,184 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2009/07/01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/11/10 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/11/10 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/11/10 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/11/10 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/06/22 15:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/05/12 12:40:38 | 004,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/06/23 07:30:42 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\portilla\Downloads\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/01 18:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 05:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:36:04 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/03/10 14:35:44 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/03/03 03:20:00 | 000,132,456 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/03/03 03:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/02/26 09:17:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/10/20 20:32:00 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/10/20 20:31:52 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/10/20 20:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/19 17:18:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/10/09 08:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/28 23:01:01 | 000,044,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/06/29 13:51:00 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/10 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/03 03:20:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/03/03 03:20:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/09 20:07:54 | 000,046,592 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 16:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/27 20:20:00 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/24 16:29:16 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/11/18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/11/12 10:17:40 | 000,016,384 | ---- | M] (XBCD Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbcd.sys -- (XBCD)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/17 07:26:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/10/10 19:41:53 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2009/09/28 23:01:29 | 000,009,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2009/09/16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/09/02 11:48:08 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/01 01:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/07/22 14:54:19 | 000,293,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/07/22 14:54:19 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/07/22 14:53:23 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/07/22 14:53:19 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/07/22 06:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/14 15:16:34 | 000,212,656 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 15:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 15:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 15:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/01 12:46:14 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/07/01 12:46:12 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/07/01 12:46:04 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/06/30 12:40:22 | 000,981,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 12:38:16 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2009/06/30 12:37:26 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2009/06/29 13:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 13:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/06/17 13:02:02 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/06/11 17:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/18 17:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/05/11 09:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/04/07 15:32:50 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/09/25 00:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/08/22 22:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008/05/12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/09/06 18:29:02 | 000,035,692 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CdpPacket.sys -- (CdpPacket)
DRV - [2004/12/22 15:51:06 | 000,018,090 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iMON_PAD.sys -- (SGIR)
DRV - [2003/12/30 23:28:50 | 000,045,060 | ---- | M] (TG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TG_iMON.sys -- (SGHIDI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 56 70 FC 36 12 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://netapp.service-now.com/navpage.do|http://my.netapp.com/mynetapp/index.jsp|http://cedprod.corp.netapp.com:10080/search|http://connected-srv/supportcenter/login.asp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.4
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.7
FF - prefs.js..extensions.enabledItems: CLIP@chris.synan:1.1.7
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7070

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 14:46:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 22:56:16 | 000,000,000 | ---D | M]

[2009/12/12 16:10:57 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Extensions
[2009/12/12 16:10:57 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/06/23 07:20:23 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions
[2009/09/29 15:24:02 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/30 23:17:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 18:08:11 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/09 08:06:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/22 09:24:49 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\CLIP@chris.synan
[2009/09/28 23:56:27 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\fireform@mozilla.org
[2010/04/14 18:13:42 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\foxmarks@kei.com
[2009/09/29 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\google-voice@chad.smith
[2010/03/16 21:11:19 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\LogMeInClient@logmein.com
[2009/09/29 08:04:27 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\passwordbank@upek.com
[2010/05/07 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\portilla\AppData\Roaming\mozilla\Firefox\Profiles\q7ovwril.default\extensions\twitternotifier@naan.net
[2010/06/23 07:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/02 11:48:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/10/15 16:03:18 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2009/12/07 22:19:38 | 000,000,001 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe (SoundGraph, Inc.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NetAppBrand] C:\Windows\System32\BackgroundDropScript.vbs ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Users\portilla\AppData\Local\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (WebEx Communications Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - Startup: C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\portilla\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\portilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: homeserver.com ([theportillas] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kvscorp ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: netapp.com ([*.corp] * in Local intranet)
O15 - HKCU\..Trusted Domains: netapp.com ([*.hq] * in Local intranet)
O15 - HKCU\..Trusted Domains: svlappms09 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: svlkvs01 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: svlkvs02 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: svlkvs03 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: theportillas.com ([www] https in Trusted sites)
O16 - DPF: {2742ECD4-8666-11D5-8390-0008C7DF848D} http://kvscorp.hq.netapp.com/EVClientInstall/en/EVDesktop.cab (Enterprise Vault Web Shortcut)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hq.netapp.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28cb840a-2d00-11df-9402-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{28cb840a-2d00-11df-9402-005056c00008}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\{620bfc8d-dbce-11de-aaa3-002268e33589}\Shell - "" = AutoRun
O33 - MountPoints2\{620bfc8d-dbce-11de-aaa3-002268e33589}\Shell\AutoRun\command - "" = G:\files\openindex.exe index.hta -- File not found
O33 - MountPoints2\{68f1a623-c4cd-11de-ac1b-002268e33589}\Shell - "" = AutoRun
O33 - MountPoints2\{68f1a623-c4cd-11de-ac1b-002268e33589}\Shell\AutoRun\command - "" = E:\Enterprise_Launcher.exe -- File not found
O33 - MountPoints2\{6b0561ed-578d-11df-b0e2-0021869e1a74}\Shell - "" = AutoRun
O33 - MountPoints2\{6b0561ed-578d-11df-b0e2-0021869e1a74}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{c24579d0-2ff7-11df-8b8b-f297497d531c}\Shell - "" = AutoRun
O33 - MountPoints2\{c24579d0-2ff7-11df-8b8b-f297497d531c}\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Enterprise_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/06/23 00:23:25 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/23 00:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/22 23:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/22 15:24:42 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/06/22 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/22 14:46:53 | 000,066,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/06/22 14:46:51 | 000,343,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/06/22 14:46:51 | 000,091,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/06/22 14:46:51 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/06/22 14:46:51 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010/06/22 14:46:51 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdik.sys
[2010/06/22 14:46:51 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/06/22 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/06/22 14:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/22 14:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/06/22 13:18:50 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/06/22 11:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/21 10:17:18 | 000,000,000 | ---D | C] -- C:\Users\portilla\Desktop\redsn0w_win_0.9.5b5-2
[2010/06/18 02:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2010/06/18 02:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/18 01:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010/06/17 22:27:02 | 007,635,456 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\mpc-hc.exe
[2010/06/17 22:27:02 | 001,175,552 | ---- | C] (MONOGRAM Mutimedia s.r.o.) -- C:\Windows\System32\graphstudio.exe
[2010/06/17 22:27:02 | 000,441,344 | ---- | C] ( ) -- C:\Windows\System32\SetACLx64.exe
[2010/06/17 22:27:02 | 000,303,616 | ---- | C] ( ) -- C:\Windows\System32\SetACLx86.exe
[2010/06/17 22:27:01 | 002,125,824 | ---- | C] (http://mediainfo.sourceforge.net) -- C:\Windows\System32\MediaInfo.dll
[2010/06/17 22:27:01 | 001,447,936 | ---- | C] (Paul Glagla) -- C:\Windows\System32\filmerit_30en.exe
[2010/06/17 22:27:01 | 000,293,888 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\mpcresources.de.dll
[2010/06/17 22:27:01 | 000,293,376 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\mpcresources.cz.dll
[2010/06/17 22:26:59 | 002,784,256 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\MPCVideoDec.ax
[2010/06/17 22:26:59 | 000,622,592 | ---- | C] (MONOGRAM Multimedia s.r.o.) -- C:\Windows\System32\mmaacd.ax
[2010/06/17 22:26:59 | 000,487,936 | ---- | C] (www.madshi.net) -- C:\Windows\System32\madFlac.ax
[2010/06/17 22:26:59 | 000,439,296 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\RealMediaSplitter.ax
[2010/06/17 22:26:59 | 000,399,360 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\MpegSplitter.ax
[2010/06/17 22:26:59 | 000,340,992 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\FLVSplitter.ax
[2010/06/17 22:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/10 07:22:53 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
[2010/06/10 07:22:53 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
[2010/06/10 07:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1
[2010/06/08 12:16:22 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/08 12:16:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 12:16:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/08 12:16:20 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/08 12:16:20 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/08 12:16:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/08 12:16:18 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 12:16:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 02:57:01 | 000,203,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2010/06/08 02:57:00 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2010/06/07 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\portilla\Desktop\New folder
[2010/06/07 09:50:33 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/06/07 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/06/04 17:18:52 | 000,000,000 | ---D | C] -- C:\Users\portilla\Desktop\When.in.Rome.DVDRip.XviD-DiAMOND
[2010/06/04 09:22:41 | 000,000,000 | ---D | C] -- C:\minidump
[2010/06/03 07:06:34 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Local\Apple_Inc
[2010/06/03 07:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2010/06/02 12:01:40 | 000,000,000 | ---D | C] -- C:\Users\portilla\Documents\Travel Receipts
[2010/06/02 07:53:35 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010/06/01 09:09:11 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\portilla\Desktop\TDSSKiller.exe
[2010/05/31 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\portilla\Documents\DVDFab
[2010/05/30 03:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2010/05/29 19:37:15 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Roaming\vlc
[2010/05/29 19:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/26 10:47:23 | 000,000,000 | ---D | C] -- C:\share
[2010/05/25 14:05:06 | 000,230,400 | ---- | C] (XBCD Project) -- C:\Windows\System32\xbcdsu.dll
[2010/05/25 14:05:06 | 000,027,136 | ---- | C] (XBCD Project) -- C:\Windows\System32\xbcdif.dll
[2010/05/25 14:05:06 | 000,016,384 | ---- | C] (XBCD Project) -- C:\Windows\System32\drivers\xbcd.sys
[2010/05/25 14:05:06 | 000,015,360 | ---- | C] (Redcl0ud) -- C:\Windows\System32\xbcdr.dll
[2010/05/25 14:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\XBCDSU
[2010/05/25 14:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\XBCD
[2010/05/25 13:16:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/25 11:36:37 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Local\WebEx
[2010/05/25 11:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/05/25 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\portilla\AppData\Roaming\Productivity Tools
[2009/11/02 17:32:50 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/11/02 17:32:49 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/06/23 07:33:18 | 006,553,600 | -HS- | M] () -- C:\Users\portilla\NTUSER.DAT
[2010/06/23 07:30:18 | 000,743,924 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/23 07:30:18 | 000,628,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/23 07:30:18 | 000,107,948 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/23 07:20:37 | 000,018,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 07:20:37 | 000,018,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 07:14:56 | 000,001,037 | ---- | M] () -- C:\Users\portilla\AppData\Local\Account.atomsvc
[2010/06/23 07:14:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 07:13:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 07:13:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/23 07:13:10 | 2334,134,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 07:12:26 | 004,944,355 | -H-- | M] () -- C:\Users\portilla\AppData\Local\IconCache.db
[2010/06/23 06:39:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 23:11:48 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/22 17:47:01 | 000,000,530 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/06/22 11:27:47 | 000,002,039 | ---- | M] () -- C:\Users\portilla\Desktop\HijackThis.lnk
[2010/06/21 12:36:53 | 000,190,504 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/06/21 00:00:06 | 000,002,056 | -H-- | M] () -- C:\Users\portilla\Documents\Default.rdp
[2010/06/20 20:12:32 | 000,038,912 | ---- | M] () -- C:\Users\portilla\Documents\anthonynewresume.doc
[2010/06/18 02:02:48 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2010/06/17 22:36:20 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\StreamedMP BasicHome Editor.lnk
[2010/06/17 22:27:18 | 000,000,067 | ---- | M] () -- C:\Windows\System32\SAF_Donate.url
[2010/06/17 22:27:06 | 000,000,112 | ---- | M] () -- C:\Windows\System32\ffdshow.url
[2010/06/17 22:27:05 | 000,000,134 | ---- | M] () -- C:\Windows\System32\MPC-HC_DXVA_ON.reg
[2010/06/17 22:27:05 | 000,000,134 | ---- | M] () -- C:\Windows\System32\MPC-HC_DXVA_OFF.reg
[2010/06/17 22:27:05 | 000,000,096 | ---- | M] () -- C:\Windows\System32\mpc-hc.url
[2010/06/17 22:26:36 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2010/06/17 22:26:36 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2010/06/17 22:26:35 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2010/06/17 22:23:08 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/11 08:46:12 | 004,855,739 | ---- | M] () -- C:\Users\portilla\Desktop\HQ_BasicData.csv
[2010/06/10 08:23:56 | 000,043,520 | ---- | M] () -- C:\Users\portilla\Documents\FO Site Visit Report Edina Q1.doc
[2010/06/10 08:16:47 | 000,044,032 | ---- | M] () -- C:\Users\portilla\Documents\FO Site Visit Report Englewood Q1.doc
[2010/06/10 07:22:55 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\MyDefrag.lnk
[2010/06/09 03:22:38 | 000,416,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 03:05:14 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/06/08 02:57:01 | 000,203,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2010/06/08 02:57:00 | 000,124,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2010/06/07 09:50:29 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/06/07 07:25:59 | 000,003,584 | ---- | M] () -- C:\Users\portilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 07:55:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\portilla\Desktop\TDSSKiller.exe
[2010/05/28 08:15:48 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/05/27 00:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 20:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/26 08:41:25 | 000,137,873 | ---- | M] () -- C:\Users\portilla\Documents\arcade.jpg
[2010/05/25 11:07:03 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\WebEx One-Click.lnk
[2010/05/24 11:39:37 | 000,001,067 | ---- | M] () -- C:\Users\portilla\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\UMDF\*.tmp files -> C:\Windows\System32\drivers\UMDF\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/06/23 07:14:56 | 000,001,037 | ---- | C] () -- C:\Users\portilla\AppData\Local\Account.atomsvc
[2010/06/22 23:11:48 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/22 11:27:47 | 000,002,039 | ---- | C] () -- C:\Users\portilla\Desktop\HijackThis.lnk
[2010/06/20 20:12:32 | 000,038,912 | ---- | C] () -- C:\Users\portilla\Documents\anthonynewresume.doc
[2010/06/18 11:28:16 | 343,457,792 | ---- | C] () -- C:\Users\portilla\Desktop\IUB Beta (5-16-10) v1.1.iso
[2010/06/18 02:02:48 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2010/06/17 22:36:20 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\StreamedMP BasicHome Editor.lnk
[2010/06/17 22:27:18 | 000,000,067 | ---- | C] () -- C:\Windows\System32\SAF_Donate.url
[2010/06/17 22:27:06 | 000,000,112 | ---- | C] () -- C:\Windows\System32\ffdshow.url
[2010/06/17 22:27:05 | 000,000,134 | ---- | C] () -- C:\Windows\System32\MPC-HC_DXVA_ON.reg
[2010/06/17 22:27:05 | 000,000,134 | ---- | C] () -- C:\Windows\System32\MPC-HC_DXVA_OFF.reg
[2010/06/17 22:27:05 | 000,000,096 | ---- | C] () -- C:\Windows\System32\mpc-hc.url
[2010/06/17 22:27:02 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/06/17 22:27:02 | 000,033,433 | ---- | C] () -- C:\Windows\System32\gsar.exe
[2010/06/17 22:27:01 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/17 22:27:01 | 000,514,438 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/06/17 22:27:01 | 000,313,894 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/06/17 22:27:01 | 000,236,544 | ---- | C] () -- C:\Windows\System32\DXVAChecker.exe
[2010/06/17 22:27:01 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/06/17 22:27:01 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/06/17 22:27:01 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/06/17 22:27:01 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/06/17 22:27:01 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/06/17 22:27:01 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010/06/17 22:27:00 | 004,239,494 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/06/17 22:27:00 | 001,198,434 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/06/17 22:27:00 | 000,904,796 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/06/17 22:27:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/06/17 22:27:00 | 000,295,925 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/06/17 22:27:00 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010/06/17 22:27:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/06/17 22:27:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/06/17 22:27:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/06/17 22:27:00 | 000,136,026 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/06/17 22:27:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/06/17 22:27:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/06/17 22:27:00 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/06/17 22:27:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/06/17 22:27:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/06/17 22:27:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010/06/17 22:27:00 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/06/17 22:26:59 | 003,650,048 | ---- | C] () -- C:\Windows\System32\ffdshow.ax
[2010/06/17 22:26:59 | 000,550,400 | ---- | C] () -- C:\Windows\System32\splitter.ax
[2010/06/17 22:26:59 | 000,019,278 | ---- | C] () -- C:\Windows\System32\on.ico
[2010/06/17 22:26:59 | 000,019,278 | ---- | C] () -- C:\Windows\System32\off.ico
[2010/06/17 22:26:59 | 000,010,134 | ---- | C] () -- C:\Windows\System32\ffdshow_v.ico
[2010/06/17 22:26:59 | 000,010,134 | ---- | C] () -- C:\Windows\System32\ffdshow_a.ico
[2010/06/17 22:26:36 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2010/06/17 22:26:36 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2010/06/17 22:26:34 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2010/06/17 22:23:08 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/15 08:06:05 | 000,000,379 | ---- | C] () -- C:\Users\portilla\AppData\Local\OfflineVaultPH.log
[2010/06/11 08:46:44 | 004,855,739 | ---- | C] () -- C:\Users\portilla\Desktop\HQ_BasicData.csv
[2010/06/10 08:23:56 | 000,043,520 | ---- | C] () -- C:\Users\portilla\Documents\FO Site Visit Report Edina Q1.doc
[2010/06/10 08:04:26 | 000,044,032 | ---- | C] () -- C:\Users\portilla\Documents\FO Site Visit Report Englewood Q1.doc
[2010/06/10 07:22:55 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\MyDefrag.lnk
[2010/06/07 17:42:12 | 000,391,736 | ---- | C] () -- C:\Users\portilla\Desktop\antitheftw.bmp
[2010/06/07 09:50:29 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/06/07 07:25:59 | 000,003,584 | ---- | C] () -- C:\Users\portilla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 11:25:37 | 084,678,106 | ---- | C] () -- C:\Users\portilla\Desktop\VirusScan8.5_EPO4.0.exe
[2010/06/02 07:55:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/05/26 08:41:25 | 000,137,873 | ---- | C] () -- C:\Users\portilla\Documents\arcade.jpg
[2010/05/25 11:07:03 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\WebEx One-Click.lnk
[2010/05/24 11:39:37 | 000,001,067 | ---- | C] () -- C:\Users\portilla\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010/04/05 09:53:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\nett12.dll
[2010/02/10 19:45:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/11/27 20:20:00 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/15 22:54:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/10 13:05:09 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/10 13:05:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/10 13:05:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/07 21:07:36 | 000,018,090 | ---- | C] () -- C:\Windows\System32\drivers\iMON_PAD.sys
[2009/11/02 17:32:49 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/11/02 17:32:49 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/11/02 17:32:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/10/13 16:00:25 | 000,000,530 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/10/05 14:13:36 | 000,000,000 | ---- | C] () -- C:\Windows\graphedt.INI
[2009/09/28 13:48:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/14 14:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
< End of report >


EDIT: Moved from AII to MRL ~ Hamluis.

Edited by hamluis, 23 June 2010 - 12:57 PM.



#2 snemelk

  • Malware Response Team

Posted 28 June 2010 - 12:57 PM

Hi zinoy, and welcome to Bleeping Computer.

Firstly,
Please follow the Preparation Guide and run the scan with Gmer... Post the logfile...

Secondly,
Your version of OTL.exe is outdated... Delete OTL.exe file... Then,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open a Notepad window. OTL.Txt - saved in the same location as OTL. Post it in this thread.
  • You may need to use two posts to get it all.

Thirdly,

Download Bootkit remover to your Desktop
This is a rar file; if you do not have a programme to open it, then download and install PeaZip.

Extract Remover.exe to your Desktop
Right click Remover.exe and select Run as Administrator.
It will show a Black screen with some data on it.
Right click on the screen and select > Select All.
Press Control+C.
Open a Notepad and press Control+V.

Post the resultant log here please...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

  • Malware Response Team

Posted 13 July 2010 - 11:03 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.