
Bamital.C - Wininit.exe Explorer.exe


  • This topic is locked
12 replies to this topic

#1 Sny

Sny

  • Members
  • 7 posts

Posted 18 September 2010 - 05:47 PM

http://www.bleepingcomputer.com/forums/topic348189.html
Viruses listed are Wininit.exe and explorer.exe. I get a black screen of death at Windows log-in, although I can still access the internet from Task Manager.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Drew at 18:38:13.05 on Sat 09/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2030.1082 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\RunDll32.exe
C:\Users\Drew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3T24U9R\dds[1].com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\drew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\drew\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~3.EXE
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [combofix] c:\combofix\cf587.cfxxe /c c:\combofix\Combobatch.bat
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.851
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [combofix] c:\combofix\cf587.cfxxe /c c:\ComboFixCombobatch.bat
StartupFolder: c:\users\drew\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\drew\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\drew\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: spriggs.com\remote
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/wireless/bin/sysreqlab_srlx.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\drew\appdata\roaming\mozilla\firefox\profiles\2bburfil.default\
FF - component: c:\users\drew\appdata\roaming\mozilla\firefox\profiles\2bburfil.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\winnt_x86-msvc\1.9.1\yoono.dll
FF - component: c:\users\drew\appdata\roaming\mozilla\firefox\profiles\2bburfil.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\drew\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\drew\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\drew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\drew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\drew\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-18 583640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswSP;aswSP; [x]
RUnknown avast! Antivirus;avast! Antivirus; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-9 569344]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-30 1343400]

=============== Created Last 30 ================

2010-09-18 20:44:07 98816 ----a-w- c:\windows\sed.exe
2010-09-18 20:44:07 77312 ----a-w- c:\windows\MBR.exe
2010-09-18 20:44:07 256512 ----a-w- c:\windows\PEV.exe
2010-09-18 20:44:07 161792 ----a-w- c:\windows\SWREG.exe
2010-09-18 20:43:57 0 d-s---w- C:\ComboFix
2010-09-18 15:30:20 524288 --sha-w- c:\users\drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000002.regtrans-ms
2010-09-18 15:30:19 65536 --sha-w- c:\users\drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TM.blf
2010-09-18 15:30:19 524288 --sha-w- c:\users\drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000001.regtrans-ms
2010-09-18 15:25:58 0 d-----w- c:\program files\Microsoft Security Essentials
2010-09-18 14:33:32 0 d-----w- c:\users\drew\appdata\roaming\Registry Mechanic
2010-09-18 14:17:54 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-09-18 14:17:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-09-18 14:17:53 506368 ----a-w- c:\windows\system32\msxml.dll
2010-09-18 14:17:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-09-18 14:17:53 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-09-18 13:45:21 0 d-----w- c:\program files\CCleaner
2010-09-18 13:35:53 65536 --sha-w- c:\users\drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TM.blf
2010-09-18 13:35:53 524288 --sha-w- c:\users\drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
2010-09-18 13:35:53 524288 --sha-w- c:\users\drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
2010-09-18 13:31:07 65536 --sha-w- c:\users\drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TM.blf
2010-09-18 13:31:07 524288 --sha-w- c:\users\drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
2010-09-18 13:31:07 524288 --sha-w- c:\users\drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
2010-09-17 02:38:20 0 d-----w- c:\programdata\Alwil Software
2010-09-17 02:03:40 0 d-----w- c:\programdata\RegSERVO
2010-09-01 04:34:21 0 d-----w- c:\users\drew\appdata\roaming\NetCentrics
2010-09-01 04:32:54 0 d-----w- c:\program files\Getting Things Done
2010-09-01 04:32:37 1590 ----a-w- c:\windows\GettingThingsDone.mif
2010-08-29 14:01:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-29 13:49:18 0 d--h--w- C:\$AVG
2010-08-28 05:28:03 0 d-----w- c:\programdata\Lavasoft
2010-08-28 04:24:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2010-08-28 04:21:38 0 d-----w- c:\program files\AVG
2010-08-28 04:21:22 0 d-----w- c:\programdata\avg9
2010-08-27 12:12:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 12:12:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 06:39:31 65536 --sha-w- c:\users\drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TM.blf
2010-08-27 06:39:31 524288 --sha-w- c:\users\drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
2010-08-27 06:39:31 524288 --sha-w- c:\users\drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
2010-08-27 05:34:20 0 d-----w- c:\users\drew\appdata\roaming\Malwarebytes
2010-08-27 05:34:03 0 d-----w- c:\programdata\Malwarebytes
2010-08-27 05:34:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 05:13:27 0 d-----w- c:\users\drew\appdata\roaming\PC Tools
2010-08-27 05:13:27 0 d-----w- c:\programdata\PC Tools
2010-08-27 05:13:27 0 d-----w- c:\program files\Spyware Doctor
2010-08-27 05:13:27 0 d-----w- c:\program files\common files\PC Tools
2010-08-25 15:13:51 571904 ----a-w- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-09-18 15:37:32 2614272 ----a-w- c:\windows\Explorer.EXE
2010-09-17 01:58:58 27240 ----a-w- c:\users\drew\appdata\roaming\nvModes.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:39:31.61 ===============




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 18 September 2010 - 08:50 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.


    Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All

  4. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    wininit.exe
    explorer.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  5. Push
  6. A report will open. Copy and Paste that report in your next reply.
  7. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* RKU log
* MbrCheck log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Sny

Sny
  • Topic Starter

  • Members
  • 7 posts

Posted 19 September 2010 - 10:36 AM

OTL logfile created on: 9/19/2010 10:31:49 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Drew\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.34 Gb Total Space | 23.80 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DREW-PC
Current User Name: Drew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- Q:\140062.enu\Office14\ONENOTEM.EXE
PRC - [2010/09/19 10:23:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Drew\Downloads\OTL.exe
PRC - [2010/09/12 18:18:13 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\Drew\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/26 07:35:12 | 003,195,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/26 07:35:02 | 000,045,392 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/07/13 21:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/12 12:41:06 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/02 22:19:13 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/03/04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/21 17:55:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/09/28 20:29:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2007/09/28 17:28:40 | 000,181,544 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2007/08/09 14:45:36 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/07/09 16:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/07/05 19:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 19:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 19:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 19:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 19:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/03/15 02:18:22 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2007/01/08 22:42:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Drew\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2010/09/19 10:23:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Drew\Downloads\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/04/30 03:01:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/12 04:19:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/12/12 12:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 12:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/28 20:29:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/08/09 14:45:36 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/09 14:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 19:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 19:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/09 00:03:26 | 000,569,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/09 00:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/08 22:42:20 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/04 23:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Unknown | Stopped] -- -- (tzsnujlm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ofsaytmi.sys -- (ofsaytmi)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\geindrff.sys -- (geindrff)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/21 22:47:35 | 000,310,784 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2010/06/21 22:47:21 | 000,307,200 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2010/06/21 22:47:13 | 000,113,664 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2010/06/14 02:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2010/06/14 02:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/27 03:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2010/02/27 03:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2010/02/27 03:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/02 00:06:59 | 000,728,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2009/09/26 01:58:35 | 000,194,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/07/13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/07/13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pci.sys -- (pci)
DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\pciide.sys -- (pciide)
DRV - [2009/07/13 21:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/07/13 21:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ndis.sys -- (NDIS)
DRV - [2009/07/13 21:20:44 | 000,186,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2009/07/13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,130,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\mpio.sys -- (mpio)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,115,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msdsm.sys -- (msdsm)
DRV - [2009/07/13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009/07/13 21:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2009/07/13 21:20:44 | 000,056,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/07/13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/13 21:20:44 | 000,027,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\msahci.sys -- (msahci)
DRV - [2009/07/13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\msisadrv.sys -- (msisadrv)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,067,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009/07/13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\intelide.sys -- (intelide)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2009/07/13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uliagpkx.sys -- (uliagpkx)
DRV - [2009/07/13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wd.sys -- (Wd)
DRV - [2009/07/13 21:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volsnap.sys -- (volsnap)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2009/07/13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2009/07/13 21:19:10 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\volmgr.sys -- (volmgr)
DRV - [2009/07/13 21:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,085,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2009/07/13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2009/07/13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009/07/13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2009/07/13 20:02:58 | 000,133,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/07/13 20:01:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 20:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2009/07/13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/13 20:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2009/07/13 20:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2009/07/13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2009/07/13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV - [2009/07/13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2009/07/13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/13 19:54:35 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/07/13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2009/07/13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/13 19:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/07/13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/13 19:54:14 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/07/13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/13 19:54:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/07/13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/13 19:53:51 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2009/07/13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/13 19:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:09 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/07/13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:39 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2009/07/13 19:51:37 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidbth.sys -- (HidBth)
DRV - [2009/07/13 19:51:31 | 000,392,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2009/07/13 19:51:31 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2009/07/13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV - [2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/07/13 19:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2009/07/13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\circlass.sys -- (circlass)
DRV - [2009/07/13 19:51:14 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/07/13 19:51:14 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\usbohci.sys -- (usbohci)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:10 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidir.sys -- (HidIr)
DRV - [2009/07/13 19:51:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2009/07/13 19:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009/07/13 19:50:56 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/07/13 19:50:45 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2009/07/13 19:50:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV - [2009/07/13 19:45:52 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2009/07/13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2009/07/13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\fdc.sys -- (fdc)
DRV - [2009/07/13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2009/07/13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\parport.sys -- (Parport)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\parvdm.sys -- (Parvdm)
DRV - [2009/07/13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:45:09 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\kbdhid.sys -- (kbdhid)
DRV - [2009/07/13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2009/07/13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sermouse.sys -- (sermouse)
DRV - [2009/07/13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:30:59 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\IPMIDrv.sys -- (IPMIDRV)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/13 19:19:26 | 000,084,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\errdev.sys -- (ErrDev)
DRV - [2009/07/13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/13 19:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2009/07/13 19:14:29 | 000,241,664 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/07/13 19:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/13 19:14:22 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2009/07/13 19:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/13 19:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/07/13 19:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/07/13 19:12:59 | 000,513,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/07/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/13 19:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/07/13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdk8.sys -- (AmdK8)
DRV - [2009/07/13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\processr.sys -- (Processor)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/16 15:51:56 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/03/05 18:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/02/06 03:00:00 | 000,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/11 16:08:55 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/11/21 18:08:58 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/28 20:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/09/28 20:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/09/05 13:07:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/08/08 07:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/27 03:57:00 | 007,131,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/24 00:34:36 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/05/31 06:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/04/29 17:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/15 02:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2007/03/15 01:50:06 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/13 20:13:54 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/13 20:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/13 20:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/13 20:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/13 20:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/13 20:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/13 20:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/13 20:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 05:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/09 16:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/09 00:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/21 22:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 22:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 22:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/28 03:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/30 06:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/06/19 01:26:00 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: info@recapthelaw.org:0.6
FF - prefs.js..extensions.enabledItems: safariviewwin@systemantics.net:0.5.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.6.10021200
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {B96AA562-844F-4FFD-9D0F-7F1C6181A171}:1.9.1
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/04/01 02:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 09:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 09:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/01 02:34:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/01 02:34:48 | 000,000,000 | ---D | M]

[2010/04/01 03:05:38 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Extensions
[2008/06/30 15:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/19 01:57:23 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions
[2010/09/18 03:31:26 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/01 03:05:47 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] (Yoono) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2010/09/18 03:31:27 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/09/19 05:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/09/19 01:57:23 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\extension@virtusdesigns.com
[2010/09/19 05:50:54 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\foxmarks@kei.com
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\info@recapthelaw.org
[2010/09/18 03:31:26 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\piclens@cooliris.com
[2010/09/18 03:31:26 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\safariviewwin@systemantics.net
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\smarterwiki@wikiatic.com
[2010/09/19 05:50:55 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\support@lastpass.com
[2010/09/18 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\extension@virtusdesigns.com\__MACOSX
[2010/09/18 17:05:53 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\extension@virtusdesigns.com\chrome
[2010/09/18 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\extension@virtusdesigns.com\defaults
[2010/09/18 17:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/09/18 17:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2010/09/18 17:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/09/18 17:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/04/01 03:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2010/08/30 00:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/11 09:37:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/01 02:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/04/01 02:34:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/08/11 09:37:39 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/08/11 09:37:39 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:48 | 000,013,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\cgpcfg.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/09/12 23:07:08 | 000,255,312 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxmui.dll
[2009/09/12 23:06:30 | 000,031,064 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icafile.dll
[2009/09/12 23:06:46 | 000,040,280 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\icalogon.dll
[2009/03/09 05:19:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/07/23 12:47:22 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/07/23 12:47:46 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/08/11 09:37:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/27 00:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/04/02 22:19:25 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/06/29 14:27:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/29 14:27:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/29 14:27:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/29 14:27:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/29 14:27:56 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/29 14:27:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/29 14:27:57 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/04/02 22:19:36 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/04/02 22:19:21 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/14 13:33:38 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\sslsdk_b.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/08/11 09:37:43 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/08/11 09:37:43 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/08/11 09:37:43 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/08/11 09:37:43 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/08/11 09:37:43 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/08/11 09:37:43 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/08/11 09:37:43 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/07/20 17:35:38 | 000,001,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 http://www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeauthorizations.com
O1 - Hosts: 127.0.0.1 adobeopenoptions.com
O1 - Hosts: 127.0.0.1 adobesystems-macromedia.com
O1 - Hosts: 127.0.0.1 wwwaws.adobe.com
O1 - Hosts: 127.0.0.1 www.gcommerce.com
O1 - Hosts: 127.0.0.1 www.adobe.ca
O1 - Hosts: 127.0.0.1 www.digitalnegative.net
O1 - Hosts: 127.0.0.1 www.fileline.com
O1 - Hosts: 17 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Drew\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: spriggs.com ([remote] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Drew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^Drew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe - (Southwest Airlines)
MsConfig - StartUpFolder: C:^Users^Drew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpFolder: C:^Users^Drew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: cssauth - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
MsConfig - StartUpReg: GoBoingo - hkey= - key= - C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: LPManager - hkey= - key= - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E7B1D576-E03F-C9AA-25BE-4301BFB3BF5D} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/18 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\temp
[2010/09/18 16:43:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/18 16:43:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/18 11:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/18 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Roaming\Registry Mechanic
[2010/09/18 10:17:53 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/09/18 10:17:53 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/09/18 10:17:53 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/09/18 10:17:53 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/09/18 10:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/09/18 09:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/16 22:42:51 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/16 22:42:48 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/16 22:42:42 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/16 22:42:33 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/16 22:42:19 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/16 22:38:46 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/16 22:38:43 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/16 22:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/16 22:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/16 22:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RegSERVO
[2010/09/16 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\RegSERVO
[2010/09/10 02:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/09/01 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Roaming\NetCentrics
[2010/09/01 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\NetCentrics
[2010/09/01 00:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Getting Things Done
[2010/08/29 10:01:54 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/29 09:49:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/29 09:06:24 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\Sunbelt Software
[2010/08/28 01:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/28 00:24:28 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.install_backup
[2010/08/28 00:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/28 00:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/27 08:12:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/27 08:12:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/27 08:11:29 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Drew\Desktop\mbam-setup-1.46.exe
[2010/08/27 01:34:20 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Roaming\Malwarebytes
[2010/08/27 01:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 01:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/27 01:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/27 01:13:27 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Roaming\PC Tools
[2010/08/27 01:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/27 01:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/26 23:28:01 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\{B96AA562-844F-4FFD-9D0F-7F1C6181A171}
[2010/08/26 23:26:32 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\afyorstlf
[2010/08/26 23:26:18 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Local\Windows Server
[2010/08/26 23:26:12 | 000,000,000 | ---D | C] -- C:\Users\Drew\AppData\Roaming\3E1CC0847EBE1F4DDD64D0F340CF86D4
[2010/08/25 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Someday Maybe
[2010/08/24 00:20:53 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Outlook Files
[2010/08/23 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\ClearContext.Information.Management.System.Pro.v4.6.6-ARN
[2010/08/23 19:02:43 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Execution
[2010/08/23 18:41:00 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Jim Collins - Good to Great
[2010/08/23 18:36:57 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\David Allen - Making it all Work-1
[2010/08/23 18:34:50 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\David Allen - Making it all Work
[2010/08/23 18:30:04 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Getting Things Done Fast
[2010/08/21 13:48:17 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Program Files
[2010/08/21 12:30:26 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Records
[2010/08/21 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Project Support
[2010/08/21 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\Drew\Documents\Reference
[2007/12/11 15:32:35 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/12/11 15:32:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Users\Drew\Desktop\*.tmp files -> C:\Users\Drew\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/19 10:35:12 | 006,029,312 | -HS- | M] () -- C:\Users\Drew\ntuser.dat
[2010/09/19 10:35:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4116130890-2126257087-351448349-1005UA.job
[2010/09/19 10:25:50 | 000,019,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 10:25:50 | 000,019,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 10:23:38 | 000,027,240 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\nvModes.001
[2010/09/19 10:17:14 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/09/19 10:16:46 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 10:16:11 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/09/19 10:16:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 10:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 10:15:53 | 236,270,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/19 10:15:48 | 1596,690,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 02:21:41 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 02:21:41 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 02:21:41 | 000,065,536 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TM.blf
[2010/09/19 02:21:38 | 000,943,900 | -H-- | M] () -- C:\Users\Drew\AppData\Local\IconCache.db
[2010/09/19 01:58:28 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/19 01:58:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/18 11:31:20 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 11:31:20 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 11:31:20 | 000,065,536 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TM.blf
[2010/09/18 11:25:59 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/18 10:17:54 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/09/18 10:03:29 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2010/09/18 10:02:18 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 10:02:18 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 10:02:18 | 000,065,536 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TM.blf
[2010/09/18 09:48:29 | 000,235,836 | ---- | M] () -- C:\Users\Drew\Documents\cc_20100918_094656.reg
[2010/09/18 09:45:22 | 000,000,975 | ---- | M] () -- C:\Users\Drew\Desktop\CCleaner.lnk
[2010/09/18 09:31:07 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 09:31:07 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 09:31:07 | 000,065,536 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TM.blf
[2010/09/16 22:51:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/16 22:11:03 | 000,006,171 | ---- | M] () -- C:\Users\Drew\Desktop\Elidel - Shortcut.lnk
[2010/09/16 22:03:31 | 000,000,975 | ---- | M] () -- C:\Users\Drew\Desktop\RegSERVO.lnk
[2010/09/16 21:58:58 | 000,027,240 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\nvModes.dat
[2010/09/16 21:55:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/09/16 21:52:39 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4116130890-2126257087-351448349-1005Core.job
[2010/09/11 11:41:09 | 000,806,520 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/11 11:41:09 | 000,680,098 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/11 11:41:09 | 000,128,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 23:31:25 | 000,085,704 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (301-335).pdf
[2010/09/06 23:30:26 | 000,076,506 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (251-300).pdf
[2010/09/06 23:29:43 | 000,078,871 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (201-250).pdf
[2010/09/06 23:28:18 | 000,086,681 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (151-200).pdf
[2010/09/06 23:27:09 | 000,119,163 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (101-150).pdf
[2010/09/06 23:26:03 | 000,089,833 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (51-100).pdf
[2010/09/06 23:23:31 | 000,074,373 | ---- | M] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (1-50).pdf
[2010/09/06 23:17:00 | 000,059,577 | ---- | M] () -- C:\Users\Drew\Desktop\MySpace.com - View Comments.htm
[2010/09/06 22:51:43 | 000,044,328 | ---- | M] () -- C:\Users\Drew\Desktop\18573_314269123292_580973292_3533773_3369571_n.jpg
[2010/09/06 22:51:26 | 000,012,156 | ---- | M] () -- C:\Users\Drew\Desktop\23657_390208778292_580973292_3971910_4290139_n.jpg
[2010/09/06 22:51:15 | 000,050,691 | ---- | M] () -- C:\Users\Drew\Desktop\30179_403784308292_580973292_4278778_5095293_n.jpg
[2010/09/06 20:43:00 | 000,048,791 | ---- | M] () -- C:\Users\Drew\Desktop\19860679873.pdf
[2010/09/06 20:39:59 | 000,040,517 | ---- | M] () -- C:\Users\Drew\Desktop\19880507707.pdf
[2010/09/01 20:13:34 | 000,464,135 | ---- | M] () -- C:\Users\Drew\Desktop\mounting.jpg
[2010/09/01 20:02:01 | 000,013,973 | ---- | M] () -- C:\Users\Drew\Documents\CV2002009818.pdf
[2010/09/01 00:33:10 | 000,001,590 | ---- | M] () -- C:\Windows\GettingThingsDone.mif
[2010/08/31 00:46:42 | 000,000,072 | ---- | M] () -- C:\Users\Drew\Desktop\First, care. - 43 Folders.url
[2010/08/29 10:01:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/28 00:24:30 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll.install_backup
[2010/08/27 08:12:53 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 08:11:39 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Drew\Desktop\mbam-setup-1.46.exe
[2010/08/27 07:56:01 | 000,002,838 | ---- | M] () -- C:\Users\Drew\AppData\Local\ubosuras.dll
[2010/08/27 02:47:57 | 000,000,000 | ---- | M] () -- C:\Users\Drew\AppData\Local\Qbekalegacudezen.bin
[2010/08/27 02:46:08 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 02:46:08 | 000,524,288 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 02:46:08 | 000,065,536 | -HS- | M] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TM.blf
[2010/08/27 02:45:52 | 000,002,838 | ---- | M] () -- C:\Users\Drew\AppData\Local\ufivehad.dll
[2010/08/27 02:09:41 | 000,053,578 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2010/08/26 23:28:02 | 000,000,120 | ---- | M] () -- C:\Users\Drew\AppData\Local\Kfapadutodigipam.dat
[2010/08/26 22:31:53 | 000,197,686 | ---- | M] () -- C:\Users\Drew\Desktop\Drakes Woven Silk grenadine tie solid colors 8cm.jpg
[2010/08/24 11:25:21 | 000,178,784 | ---- | M] () -- C:\Users\Drew\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/23 21:08:31 | 001,301,554 | ---- | M] () -- C:\Users\Drew\Documents\The 7 habits of highly effective people.pdf
[2010/08/21 22:50:57 | 000,161,250 | ---- | M] () -- C:\Users\Drew\Desktop\Lance Cade.pdf
[2010/08/21 13:35:36 | 000,001,486 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2 C:\Users\Drew\Desktop\*.tmp files -> C:\Users\Drew\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 10:15:53 | 236,270,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/19 01:53:47 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 01:53:47 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 01:53:47 | 000,065,536 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{2dbdbabd-c3b2-11df-adfb-001c251e12fe}.TM.blf
[2010/09/18 11:30:20 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 11:30:19 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 11:30:19 | 000,065,536 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{8d51ca37-c339-11df-86d1-909257537131}.TM.blf
[2010/09/18 11:25:59 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/09/18 10:17:54 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2010/09/18 10:17:54 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/09/18 09:47:04 | 000,235,836 | ---- | C] () -- C:\Users\Drew\Documents\cc_20100918_094656.reg
[2010/09/18 09:45:22 | 000,000,975 | ---- | C] () -- C:\Users\Drew\Desktop\CCleaner.lnk
[2010/09/18 09:35:53 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 09:35:53 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 09:35:53 | 000,065,536 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{7a2d78ba-c329-11df-a51f-001c251e12fe}.TM.blf
[2010/09/18 09:31:07 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 09:31:07 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 09:31:07 | 000,065,536 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{b04b6762-c328-11df-9d42-001c251e12fe}.TM.blf
[2010/09/16 22:42:52 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/16 22:03:40 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RegSERVO.job
[2010/09/16 22:03:31 | 000,000,975 | ---- | C] () -- C:\Users\Drew\Desktop\RegSERVO.lnk
[2010/09/06 23:31:25 | 000,085,704 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (301-335).pdf
[2010/09/06 23:30:26 | 000,076,506 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (251-300).pdf
[2010/09/06 23:29:43 | 000,078,871 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (201-250).pdf
[2010/09/06 23:28:18 | 000,086,681 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (151-200).pdf
[2010/09/06 23:27:09 | 000,119,163 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (101-150).pdf
[2010/09/06 23:26:03 | 000,089,833 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (51-100).pdf
[2010/09/06 23:23:31 | 000,074,373 | ---- | C] () -- C:\Users\Drew\Desktop\Myspace.com - BMCs Comments (1-50).pdf
[2010/09/06 23:16:59 | 000,059,577 | ---- | C] () -- C:\Users\Drew\Desktop\MySpace.com - View Comments.htm
[2010/09/06 22:51:43 | 000,044,328 | ---- | C] () -- C:\Users\Drew\Desktop\18573_314269123292_580973292_3533773_3369571_n.jpg
[2010/09/06 22:51:26 | 000,012,156 | ---- | C] () -- C:\Users\Drew\Desktop\23657_390208778292_580973292_3971910_4290139_n.jpg
[2010/09/06 22:51:15 | 000,050,691 | ---- | C] () -- C:\Users\Drew\Desktop\30179_403784308292_580973292_4278778_5095293_n.jpg
[2010/09/06 20:43:00 | 000,048,791 | ---- | C] () -- C:\Users\Drew\Desktop\19860679873.pdf
[2010/09/06 20:39:59 | 000,040,517 | ---- | C] () -- C:\Users\Drew\Desktop\19880507707.pdf
[2010/09/01 20:13:34 | 000,464,135 | ---- | C] () -- C:\Users\Drew\Desktop\mounting.jpg
[2010/09/01 20:02:01 | 000,013,973 | ---- | C] () -- C:\Users\Drew\Documents\CV2002009818.pdf
[2010/09/01 00:32:37 | 000,001,590 | ---- | C] () -- C:\Windows\GettingThingsDone.mif
[2010/08/31 00:46:42 | 000,000,072 | ---- | C] () -- C:\Users\Drew\Desktop\First, care. - 43 Folders.url
[2010/08/27 08:12:53 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 07:56:01 | 000,002,838 | ---- | C] () -- C:\Users\Drew\AppData\Local\ubosuras.dll
[2010/08/27 02:45:52 | 000,002,838 | ---- | C] () -- C:\Users\Drew\AppData\Local\ufivehad.dll
[2010/08/27 02:39:31 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 02:39:31 | 000,524,288 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 02:39:31 | 000,065,536 | -HS- | C] () -- C:\Users\Drew\ntuser.dat{bbe79250-b1a5-11df-b005-001c251e12fe}.TM.blf
[2010/08/26 23:28:03 | 000,000,000 | ---- | C] () -- C:\Users\Drew\AppData\Local\Qbekalegacudezen.bin
[2010/08/26 23:28:02 | 000,000,120 | ---- | C] () -- C:\Users\Drew\AppData\Local\Kfapadutodigipam.dat
[2010/08/26 22:31:41 | 000,197,686 | ---- | C] () -- C:\Users\Drew\Desktop\Drakes Woven Silk grenadine tie solid colors 8cm.jpg
[2010/08/23 21:07:55 | 001,301,554 | ---- | C] () -- C:\Users\Drew\Documents\The 7 habits of highly effective people.pdf
[2010/08/21 22:50:57 | 000,161,250 | ---- | C] () -- C:\Users\Drew\Desktop\Lance Cade.pdf
[2010/05/07 09:23:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/18 19:54:35 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/02 01:29:50 | 000,000,076 | ---- | C] () -- C:\Windows\System32\dtirc.dll
[2009/04/22 07:33:29 | 000,000,000 | ---- | C] () -- C:\Windows\webica.ini
[2009/02/01 16:41:17 | 000,027,240 | ---- | C] () -- C:\Users\Drew\AppData\Roaming\nvModes.001
[2009/01/30 10:46:44 | 000,027,240 | ---- | C] () -- C:\Users\Drew\AppData\Roaming\nvModes.dat
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/13 19:08:17 | 000,025,337 | ---- | C] () -- C:\Users\Drew\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/12/11 15:57:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/12/11 15:57:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/12/11 15:57:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/12/11 15:57:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/12/11 15:57:12 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/12/11 15:57:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/12/11 15:54:57 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/12/11 15:54:57 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/12/11 15:50:35 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/12/11 15:32:36 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/12/11 15:32:36 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/12/11 15:27:24 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/08/03 09:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/27 02:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/07/27 02:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2007/03/29 16:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 03:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 03:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/05 18:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/09/18 03:31:21 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\.purple
[2010/09/19 05:50:54 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\3E1CC0847EBE1F4DDD64D0F340CF86D4
[2010/09/18 03:31:22 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Adobe
[2010/04/01 03:04:16 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Amazon
[2010/04/01 03:04:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Apple Computer
[2010/09/18 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Azureus
[2010/09/18 03:31:22 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Citrix
[2010/04/01 03:04:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/01 03:04:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\DivX
[2010/04/01 03:04:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\DNA
[2010/04/01 03:04:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Download Manager
[2010/09/19 10:18:42 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Dropbox
[2010/06/06 17:33:45 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\FileZilla
[2010/09/18 03:31:22 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Google
[2010/04/01 03:04:33 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Helios
[2010/04/01 03:04:33 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\ICAClient
[2010/08/20 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Identities
[2009/06/01 22:47:46 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\IDM
[2010/04/01 03:04:34 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\InterVideo
[2010/04/01 03:04:34 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\J River
[2010/04/01 03:04:34 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Leadertech
[2010/09/18 03:31:22 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Lenovo
[2010/09/18 03:31:22 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Macromedia
[2010/08/27 01:34:20 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Malwarebytes
[2009/07/14 03:48:45 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Media Center Programs
[2010/09/18 03:31:23 | 000,000,000 | --SD | M] -- C:\Users\Drew\AppData\Roaming\Microsoft
[2010/09/18 03:31:25 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\mIRC
[2010/09/18 03:31:25 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Move Networks
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Mozilla
[2009/06/01 22:48:00 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\NBC Direct
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\NetCentrics
[2009/07/12 04:25:05 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\NetLibCache
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\NVD
[2010/08/27 01:13:27 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\PC Tools
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Real
[2010/09/18 10:33:32 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Registry Mechanic
[2010/04/01 03:06:11 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Roxio
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Skype
[2010/05/09 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\skypePM
[2010/04/01 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\SmartDraw
[2010/09/19 02:21:30 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\SoftGrid Client
[2010/04/01 03:06:13 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Southwest Airlines
[2010/09/18 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\Thunderbird
[2010/04/27 02:27:44 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\TP
[2010/04/01 03:06:14 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/04/01 03:06:14 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/09/19 05:50:56 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\uTorrent
[2010/04/01 03:06:17 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\vlc
[2008/04/08 23:19:09 | 000,000,000 | ---D | M] -- C:\Users\Drew\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2008/06/27 12:32:24 | 000,167,936 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Adobe\Lightroom\Plugins\facebook-jfriedl.lrplugin\Win\unzip.exe
[2010/07/29 12:00:00 | 004,172,288 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010/03/02 01:51:35 | 000,091,696 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010/03/02 01:51:19 | 013,264,416 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Dropbox\cache\Dropbox-update-0.7.110.exe
[2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Drew\AppData\Roaming\Google\Google Talk\googletalk.exe
[2010/01/18 02:28:37 | 000,079,367 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Google\Google Talk\uninstall.exe
[2009/09/07 16:56:43 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Drew\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008/03/02 23:07:58 | 000,008,192 | R--- | M] () -- C:\Users\Drew\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
[2009/11/07 21:19:30 | 000,143,976 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Move Networks\uninstall.exe
[2009/10/14 20:50:30 | 000,097,216 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2010/06/14 13:08:50 | 000,425,984 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
[2010/06/14 13:08:50 | 000,545,280 | ---- | M] () -- C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\2bburfil.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
[2009/05/26 21:12:03 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
[2010/02/20 11:30:56 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010/07/06 18:20:52 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010/09/16 21:53:09 | 000,452,104 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2009/03/27 16:53:21 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
[2009/04/04 16:53:26 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
[2009/04/17 16:53:29 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
[2009/04/29 16:53:36 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
[2009/05/08 19:09:06 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
[2009/05/18 11:50:55 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
[2009/05/26 21:12:02 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Drew\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/03/15 02:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Program Files\ThinkVantage Fingerprint Software\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\iaStor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVERS\other\iastor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_32495ab0b5cbc36c\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/29 10:01:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/06/21 22:47:35 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/21 22:47:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/21 22:47:13 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 9/19/2010 10:31:49 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Drew\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.34 Gb Total Space | 23.80 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DREW-PC
Current User Name: Drew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083FCBB8-A728-C0E5-CC3D-D9AEC9FC5BE9}" = TweetDeck
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}" = GoBoingo!
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC565D-AD28-4FBC-8B2D-1948F08370E2}_is1" = Circle Dock
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8C7F4DB7-E0B0-46D7-80BD-D95201B1137B}" = Getting Things Done Outlook Add-In
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9E3800D9-93D8-4941-A9DF-3C3C6FBD1508}" = Adobe Setup
"{9E8A81B2-3A58-4A44-B8B6-292A55799344}" = Adobe FrameMaker CSTI Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D7B96D96-D9F4-40B7-B913-3D50BDD87C6F}" = Suite Shared Configuration CS4
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"1B609D7E6D10BAF8F2B5CB6A0A89867EF7F61A3E" = Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
"38884E3EBEF76FE8FCF8DF8349FE73E84B85632C" = Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
"5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
"67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_644fbe48c57332e6119b31672240508" = Adobe FrameMaker CSTI Driver
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"avast5" = avast! Free Antivirus
"AwayTask" = Maintenance Manager
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"FileZilla Client" = FileZilla Client 3.3.1
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MagicDisc 2.7.97" = MagicDisc 2.7.97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Power Management Driver" = ThinkPad Power Management Driver
"ProcessScanner_is1" = Uniblue ProcessScanner
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RegSERVO" = RegSERVO
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"SystemRequirementsLab" = System Requirements Lab
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ULTIMATER" = Microsoft Office Ultimate 2007
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.9
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"XobniMain" = Xobni
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



#4 Sny

  • Topic Starter

Posted 19 September 2010 - 10:39 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F401000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7131136 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.55 )
0x9022E000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82E01000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E01000 PnpManager 4259840 bytes
0x82E01000 RAW 4259840 bytes
0x82E01000 WMIxWDM 4259840 bytes
0x826D0000 Win32k 2400256 bytes
0x826D0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8943A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x89001000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x97431000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E01A000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x88E3C000 C:\Windows\system32\DRIVERS\iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8FACE000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8923B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x97534000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x88B0A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA2619000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA26BA000 C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys 569344 bytes (Microsoft Corporation, Microsoft Application Virtualization File System)
0x9DA8D000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88A37000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C1B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8DF5E000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8916E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8EA92000 C:\Windows\system32\drivers\ADIHdAud.sys 368640 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8DE13000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x906AB000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xA8229000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA27B0000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82980000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x88BB5000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88D5C000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88C9A000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9DA24000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8EA3D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88AC8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DECF000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x895BD000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892F2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8EB34000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x9DB60000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FB85000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8FBBE000 C:\Windows\system32\DRIVERS\e1e6032.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x83211000 ACPI_HAL 225280 bytes
0x8EB97000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
==============================================
>Stealth
==============================================
0xA82B2F2E Unknown thread object [ ETHREAD 0x850865F0 ] , 600 bytes


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 64577WU
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 227):

Processes (total 100):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`ada00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: HITACHIHTS722016K9SA00, Rev: DCDZC75A

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


#5 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 19 September 2010 - 12:18 PM

I see you have run Combofix unsupervised... this is ill-advised!!

This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean up based on your logs!!

I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt

Please also do this...
  • Press the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Copy and paste the following into the box
CODE
C:\Qoobox\ComboFix-quarantined-files.txt
  • Click ok
  • Copy and paste the report into this topic for me to review

Are you still getting the Avast warnings about Bamital?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 Sny

Sny
  • Topic Starter

  • Members
  • 7 posts

Posted 19 September 2010 - 12:28 PM

ComboFix 10-09-17.04 - Drew 09/18/2010 16:47:50.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2030.1283 [GMT -4:00]
Running from: C:\Users\Drew\Downloads\ComboFix.exe
* Created a new restore point
.
I got the message "Windows cannot find CQoobox\ComboFix-quarantined-files.txt'. Make sure you typed the name correctly, and then try again."




#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 19 September 2010 - 02:47 PM

You did not answer my question.
QUOTE
Are you still getting the Avast warnings about Bamital?


You did not post your entire Combofix log for my review. It is at c:\combofix.txt.

Do this...
  1. Answer my question
  2. Navigate to C:\combofix.txt and copy/paste the log in your next reply
  3. Navigate to C:\Qoobox\ComboFix-quarantined-files.txt and copy/paste the log in your next reply


#8 Sny

Sny
  • Topic Starter

  • Members
  • 7 posts

Posted 20 September 2010 - 05:31 PM

1. I am not receiving Bamital.C message in Avast. The last Avast system scan showed No Virus Found.

2. I cannot locate C:\ComboFix.txt. I have looked in the C: folder, searched program and files and cannot find it.

3. I cannot find C:\Qoobox either.

I see both in the log I posted but I can't find them anywhere on my system.





#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 20 September 2010 - 07:33 PM

Do this next..

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    CODE
    :filefind
    *explorer*
    *wininit*
    *hlp.dat

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
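One way to read the filefind log requested above, as an added example that is not part of the thread: parse each SystemLook result line and check whether the live explorer.exe and wininit.exe carry the same MD5 as some copy in the winsxs component store. The sample log is constructed in SystemLook's line format with placeholder hashes and folder names; treating winsxs as the reference and the two live paths as the standard Windows locations are assumptions.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# One SystemLook filefind result line:
#   <path> <7 attribute flags> <size> bytes [created] [modified] <MD5 or note>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$"
)

# Assumption: standard locations of the two files named in the topic title.
LIVE_PATHS = {
    "explorer.exe": r"c:\windows\explorer.exe",
    "wininit.exe": r"c:\windows\system32\wininit.exe",
}
STORE_PREFIX = "c:\\windows\\winsxs\\"  # component store used as reference

# Constructed sample: placeholder hashes and component folder names.
H_A, H_B, H_C, H_D = ("A" * 32, "B" * 32, "C" * 32, "D" * 32)
SAMPLE_LOG = "\n".join([
    '========== filefind ==========',
    '',
    'Searching for "*explorer*"',
    rf"C:\Windows\explorer.exe --a---- 2614272 bytes [00:07 03/04/2010] [05:45 31/10/2009] {H_A}",
    rf"C:\Windows\winsxs\x86_constructed-explorer_6.1.7600.16385_none_0000\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] {H_B}",
    rf"C:\Windows\winsxs\x86_constructed-explorer_6.1.7600.16450_none_0001\explorer.exe --a---- 2614272 bytes [00:07 03/04/2010] [05:45 31/10/2009] {H_A}",
    r"C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir --a---- 2614272 bytes [00:07 03/04/2010] [05:45 31/10/2009] (Unable to calculate MD5)",
    '',
    'Searching for "*wininit*"',
    rf"C:\Windows\System32\wininit.exe --a---- 96256 bytes [23:41 13/07/2009] [01:14 14/07/2009] {H_C}",
    rf"C:\Windows\winsxs\x86_constructed-wininit_6.1.7600.16385_none_0002\wininit.exe --a---- 96256 bytes [23:41 13/07/2009] [01:14 14/07/2009] {H_D}",
])


def parse_filefind(text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        md5 = m["md5"].upper()
        entries.append({
            "path": m["path"],
            "size": int(m["size"]),
            # SystemLook prints a note instead of a hash when it cannot read the file
            "md5": None if md5.startswith("(") else md5,
        })
    return entries


def audit(entries):
    """Compare each live system file's MD5 with the component-store copies.

    A match only shows the live file is byte-identical to a stored copy;
    it says nothing about whether the store itself is intact.
    """
    verdicts = {}
    for name, live_path in LIVE_PATHS.items():
        live = [e for e in entries if e["path"].lower() == live_path]
        store = {
            e["md5"] for e in entries
            if e["path"].lower().startswith(STORE_PREFIX)
            and basename(e["path"]).lower() == name
            and e["md5"]
        }
        if not live:
            verdicts[name] = "live copy not listed"
        elif live[0]["md5"] is None:
            verdicts[name] = "live copy could not be hashed"
        elif not store:
            verdicts[name] = "no component-store copy to compare"
        elif live[0]["md5"] in store:
            verdicts[name] = "matches a component-store copy"
        else:
            verdicts[name] = "differs from every component-store copy"
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {verdict}")
```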

#10 Sny

Sny
  • Topic Starter

  • Members
  • 7 posts

Posted 23 September 2010 - 09:06 PM

ESET has frozen three times after 30 minute downloads. I'm going to keep trying.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/23/2010 8:25:59 PM
mbam-log-2010-09-23 (20-25-59).txt

Scan type: Quick scan
Objects scanned: 161229
Time elapsed: 15 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SystemLook 04.09.10 by jpshortstuff
Log created at 21:52 on 23/09/2010 by Drew
Administrator - Elevation successful

========== filefind ==========

Searching for "*explorer*"
C:\$WINDOWS.~Q\DATA\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 1423 bytes [21:37 25/10/2009] [21:37 25/10/2009] F74B65628920B2CD2602B8A671606821
C:\$WINDOWS.~Q\DATA\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1473 bytes [21:37 25/10/2009] [21:37 25/10/2009] 3234E727B4D356461A5D0142CE5ED4D4
C:\$WINDOWS.~Q\DATA\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 1423 bytes [01:40 28/11/2009] [01:40 28/11/2009] B753B606256C2BABB6D7AB439CFCBCD3
C:\$WINDOWS.~Q\DATA\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1473 bytes [01:39 28/11/2009] [01:40 28/11/2009] 950CF26051BE5DE5DCA02E8C303F0EB6
C:\$WINDOWS.~Q\DATA\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7100.0.cat --a---- 9054 bytes [09:00 22/04/2009] [07:11 22/04/2009] EF516BC23FAFEE91234CCD1F06E603FF
C:\$WINDOWS.~Q\DATA\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7100.0.cat --a---- 11092 bytes [08:52 22/04/2009] [06:11 22/04/2009] 4FB8387A0F64CF8BC42849A2A7ECC2CF
C:\$WINDOWS.~Q\DATA\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7100.0.cat --a---- 29320 bytes [09:00 22/04/2009] [07:11 22/04/2009] 7224B67AC6876FCDB25CD618444F9367
C:\$WINDOWS.~Q\DATA\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7100.0.cat --a---- 145405 bytes [08:52 22/04/2009] [06:11 22/04/2009] D44E3AD36DDFC8D5AC917C5F7C0BA65B
C:\ComboFix\explorer.exe.ND_ --a---- 42 bytes [20:58 18/09/2010] [20:58 18/09/2010] 8B70EA25DDC4F3E24D1D4829701C4F68
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.0.txt --a---- 117 bytes [21:24 10/09/2008] [21:24 10/09/2008] A06884D9F473883EAE6827EECCF9DE74
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.0_CSS.xml --a---- 33394 bytes [21:24 10/09/2008] [21:24 10/09/2008] 0C079B91667B848680830CA18050C164
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.2_Mac.txt --a---- 129 bytes [21:24 10/09/2008] [21:24 10/09/2008] 2AED197141BF7A220216801EF2BD40C0
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.2_Mac_CSS.xml --a---- 34656 bytes [21:24 10/09/2008] [21:24 10/09/2008] F37FC6E0AD00984D7DD2F589DB060399
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.5.txt --a---- 115 bytes [21:24 10/09/2008] [21:24 10/09/2008] 51BB9C74AF8FED8DC793E20C5766AE12
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_5.5_CSS.xml --a---- 32581 bytes [21:24 10/09/2008] [21:24 10/09/2008] 16857AE313CC302BED4D8CE172C9B80D
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_6.0.txt --a---- 117 bytes [21:24 10/09/2008] [21:24 10/09/2008] C3EAB623994D6C290DFFE0B47F2D2D95
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_6.0_CSS.xml --a---- 36604 bytes [21:24 10/09/2008] [21:24 10/09/2008] 21F5156C73DBDE85125327D819390AAC
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_7.0.txt --a---- 117 bytes [21:24 10/09/2008] [21:24 10/09/2008] A4E1472326FF88CA1335B8723E0C8BE4
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_7.0_CSS.xml --a---- 36394 bytes [21:24 10/09/2008] [21:24 10/09/2008] FE27A6F8EB180A778EDBE6FEBE407F9F
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_8.0.txt --a---- 117 bytes [21:24 10/09/2008] [21:24 10/09/2008] 4C499429BDEA26B3C434563BF260BA3E
C:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\BrowserProfiles\Internet_Explorer_8.0_CSS.xml --a---- 38795 bytes [21:24 10/09/2008] [21:24 10/09/2008] 9D1AEFA6C097DCAA1091A8EEF8705B71
C:\Program Files\Common Files\Adobe\Help\de_DE\Acrobat Pro 3D\9.0\images\ExplorerSelect.png --a---- 588 bytes [09:32 22/05/2008] [09:32 22/05/2008] D7A30DEED22421BC84EC21F2A911CD90
C:\Program Files\Common Files\Adobe\Help\en_US\Acrobat Pro 3D\9.0\images\ExplorerSelect.png -ra---- 588 bytes [14:33 14/05/2008] [14:33 14/05/2008] D7A30DEED22421BC84EC21F2A911CD90
C:\Program Files\Common Files\Adobe\Help\fr_FR\Acrobat Pro 3D\9.0\images\ExplorerSelect.png --a---- 588 bytes [07:46 22/05/2008] [07:46 22/05/2008] D7A30DEED22421BC84EC21F2A911CD90
C:\Program Files\Lenovo\Rescue and Recovery\Migration\bin\Apps\Microsoft_Internet_Explorer.xml --a---- 12314 bytes [20:09 11/12/2007] [23:50 04/12/2006] 721A8680E11BE9E3D9FFFEF9B727D72A
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip --a---- 20394 bytes [03:48 07/03/2006] [03:48 07/03/2006] B469409C2B2A33C542190B720E11BD79
C:\Program Files\ThinkPad\Bluetooth Software\btsendto_explorer.exe --a---- 174896 bytes [21:11 29/03/2007] [21:11 29/03/2007] 7DB6A4068412E28E050B5D35D06061B1
C:\Program Files\ThinkVantage\SMA\apps\Microsoft_Internet_Explorer.xml --a---- 12324 bytes [18:53 27/02/2007] [18:53 27/02/2007] 3FC5EC0A388C92CD9C4EA05A9D7A7FED
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 258 bytes [04:42 14/07/2009] [04:42 14/07/2009] AE1153973EEE2A7F3661B03D33987AC7
C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir --a---- 2614272 bytes [00:07 03/04/2010] [05:45 31/10/2009] (Unable to calculate MD5)
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk --a---- 258 bytes [04:42 14/07/2009] [04:42 14/07/2009] AE1153973EEE2A7F3661B03D33987AC7
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 955 bytes [03:06 10/11/2006] [13:02 02/11/2006] 613E0A588F57387D7DB47F5984786575
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1228 bytes [04:37 14/07/2009] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 985 bytes [03:06 10/11/2006] [13:02 02/11/2006] C7D9CF527D59055D8DBC3E85B524860B
C:\Users\Drew\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms --a---- 32768 bytes [16:03 01/05/2010] [00:23 24/09/2010] C74B5FED6E6FD8CF8A625AF52F05B332
C:\Users\Drew\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl --a---- 24576 bytes [12:13 01/04/2010] [12:14 01/04/2010] 15796BFE34F679A8B69F9011BC3B1245
C:\Users\Drew\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl --a---- 16384 bytes [12:13 01/04/2010] [14:17 19/09/2010] 15375C7EA712F986EB9E660D31336C90
C:\Users\Drew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6LNRF5T\explorer_sprite[1].gif --a---- 8184 bytes [01:11 24/09/2010] [01:11 24/09/2010] 242CD65357112F594B7E69E2AF12A71B
C:\Users\Drew\AppData\Local\yoono\sidebar\friends\explorerPop.html -ra---- 5431 bytes [11:16 16/06/2009] [16:48 13/11/2008] 561D0BE0C06A0B976DA4FEC526C43E95
C:\Users\Drew\AppData\Local\yoono\sidebar\friends\css\explorerPop.css -ra---- 5866 bytes [11:16 16/06/2009] [16:48 13/11/2008] A3F9C57CD473D05918B88C1D9AC09FD3
C:\Users\Drew\AppData\Local\yoono\sidebar\friends\js\explorerPop.js -ra---- 22791 bytes [11:17 16/06/2009] [16:48 13/11/2008] D64D50D403D1AE6CFF3CA66525147EA2
C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp --a---- 820890 bytes [17:10 25/01/2008] [02:54 19/02/2009] 9C3EA54206E51D49BFB669A0B19BEA00
C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk --a---- 953 bytes [02:03 21/04/2009] [02:03 21/04/2009] 656BAEA79BD7BA3E16422B45A7869531
C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a---- 1417 bytes [04:47 16/06/2009] [12:14 01/04/2010] 9D701B3138D0A7DAB1C602E0EF12406A
C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk --a---- 1423 bytes [04:47 16/06/2009] [12:14 01/04/2010] 15EDDBAC8E315E42E60A1734EA261439
C:\Users\Drew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk --a---- 1228 bytes [04:47 16/06/2009] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 1423 bytes [12:14 01/04/2010] [12:14 01/04/2010] 15EDDBAC8E315E42E60A1734EA261439
C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1228 bytes [06:15 01/04/2010] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1473 bytes [12:14 01/04/2010] [12:14 01/04/2010] 94B9B32013647B8A929B757D1E609411
C:\Users\Drew\Data Backup from Dell Inspiron\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp --a---- 3932214 bytes [20:37 15/02/2008] [20:32 16/03/2006] F343FB10E13529311D55AE3E47457569
C:\Users\Drew\Data Backup from Dell Inspiron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a---- 815 bytes [20:37 15/02/2008] [18:00 28/10/2006] 2B0C800290CE6D7160C1B6EB0EF98AD0
C:\Users\Drew\Data Backup from Dell Inspiron\Favorites\Internet Explorer 7 Beta 2 Preview checklists.url --a---- 115 bytes [20:38 15/02/2008] [03:31 15/02/2006] 67861EA6E6C03B7099FDCA5AA30C4F27
C:\Users\Drew\Downloads\Windows 7\sources\dlmanifests\explorer-dl.man --a---- 2571 bytes [03:39 01/04/2010] [09:26 14/07/2009] 87354E386F0C6B4D1FD4D9301A468C76
C:\Users\Drew\Downloads\Windows 7\sources\dlmanifests\microsoft-windows-ie-internetexplorer-dl.man --a---- 12749 bytes [03:39 01/04/2010] [09:26 14/07/2009] 4C0AF26AE7CB4A8231D81A3FF382FC05
C:\Users\Drew\Downloads\Windows 7\sources\replacementmanifests\microsoft-windows-ie-internetexplorer-repl.man --a---- 33037 bytes [03:40 01/04/2010] [09:26 14/07/2009] BC453CA6B054CC5BD5CD3579B244945D
C:\Users\Marilyn\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl --a---- 24576 bytes [01:24 31/05/2010] [01:25 31/05/2010] E8DABC7CF1984DD16DFBBBCAAA0D3306
C:\Users\Marilyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a---- 1417 bytes [03:53 17/01/2010] [01:24 31/05/2010] 6B3A3B2D98B9F3329FA54DAAECD7DDF7
C:\Users\Marilyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk --a---- 1423 bytes [01:40 28/11/2009] [01:24 31/05/2010] A209A4F7FCBAB8E7AAA2D691DC48194F
C:\Users\Marilyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk --a---- 1228 bytes [01:40 28/11/2009] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk --a---- 1423 bytes [01:24 31/05/2010] [01:24 31/05/2010] A209A4F7FCBAB8E7AAA2D691DC48194F
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk --a---- 1228 bytes [06:15 01/04/2010] [04:37 14/07/2009] 27FF34BF928BA01B47874350492B6F26
C:\Users\Marilyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk --a---- 1473 bytes [01:24 31/05/2010] [01:24 31/05/2010] 4FBD34114B35B6F2448CF848FAB48409
C:\Windows\explorer.exe --a---- 2614272 bytes [00:07 03/04/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\en-US\explorer.exe.mui --a---- 22016 bytes [04:54 14/07/2009] [02:06 14/07/2009] B9F4B1CA23D60775736059D72BA48526
C:\Windows\PolicyDefinitions\Explorer.admx --a---- 3836 bytes [21:56 13/07/2009] [21:34 10/06/2009] AD131A834808E6AFF4A3918DE05BFCF6
C:\Windows\PolicyDefinitions\GameExplorer.admx --a---- 2256 bytes [21:56 13/07/2009] [21:20 10/06/2009] 7223A757158F86DD27EC7D0D43C682AD
C:\Windows\PolicyDefinitions\WindowsExplorer.admx --a---- 35942 bytes [21:56 13/07/2009] [21:34 10/06/2009] 6BBA1E311D9D0E64713CFD0C6C74CBF4
C:\Windows\PolicyDefinitions\en-US\Explorer.adml --a---- 3695 bytes [04:54 14/07/2009] [02:07 14/07/2009] 7A4C7F3CB156543113596988479CAFCE
C:\Windows\PolicyDefinitions\en-US\GameExplorer.adml --a---- 1897 bytes [04:54 14/07/2009] [02:02 14/07/2009] 85EE206DDBF793929AC0467A02312D46
C:\Windows\PolicyDefinitions\en-US\WindowsExplorer.adml --a---- 48102 bytes [04:55 14/07/2009] [02:09 14/07/2009] 381BD4BC11B62CE13B187113D5C8B7F7
C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --a---- 84398 bytes [13:10 16/09/2010] [22:35 20/09/2010] 2FE1C1EB1A6FA27A57286FEE24E52EBF
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 9069 bytes [04:56 14/07/2009] [03:22 14/07/2009] 0E6B0FDE58C3C62ADD13C4F93C6D0D41
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.mum --a---- 1497 bytes [04:56 14/07/2009] [02:10 14/07/2009] CCA4D02437C0F19CF6EE83A27FAA637C
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 11092 bytes [04:49 14/07/2009] [02:19 14/07/2009] 68A67D61E67FDA8E35C5CEA51FB65C9B
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.mum --a---- 1497 bytes [04:49 14/07/2009] [20:45 13/07/2009] E55032CA3E031D551D70CD39BB0DBCEB
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 29335 bytes [04:56 14/07/2009] [03:22 14/07/2009] 173F1ACA71C7DF68639A5F521486B2AF
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.mum --a---- 1283 bytes [04:56 14/07/2009] [02:10 14/07/2009] 55A46C123A9970C413E685DF579805F8
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 145468 bytes [04:49 14/07/2009] [02:22 14/07/2009] 14B25D07EA66911EA244F17E435A9981
C:\Windows\servicing\Packages\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.mum --a---- 1244 bytes [04:49 14/07/2009] [20:45 13/07/2009] 7083A6AC19C07CFD5C36576E0825E23E
C:\Windows\System32\ExplorerFrame.dll --a---- 1495040 bytes [23:44 13/07/2009] [01:15 14/07/2009] FD13400115D3D0D70E087AB826DF593A
C:\Windows\System32\networkexplorer.dll --a---- 1661440 bytes [23:53 13/07/2009] [01:16 14/07/2009] 4A056D7392F31EDA3AE1975E7010D7E3
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 9069 bytes [04:56 14/07/2009] [03:22 14/07/2009] 0E6B0FDE58C3C62ADD13C4F93C6D0D41
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 11092 bytes [04:49 14/07/2009] [02:19 14/07/2009] 68A67D61E67FDA8E35C5CEA51FB65C9B
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~en-US~8.0.7600.16385.cat --a---- 29335 bytes [04:56 14/07/2009] [03:22 14/07/2009] 173F1ACA71C7DF68639A5F521486B2AF
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~x86~~8.0.7600.16385.cat --a---- 145468 bytes [04:49 14/07/2009] [02:22 14/07/2009] 14B25D07EA66911EA244F17E435A9981
C:\Windows\System32\en-US\explorerframe.dll.mui --a---- 18432 bytes [04:54 14/07/2009] [02:03 14/07/2009] BC486AFF277CD6AE2406FA1FE1B09D56
C:\Windows\System32\en-US\NetworkExplorer.dll.mui --a---- 6656 bytes [04:54 14/07/2009] [02:04 14/07/2009] 9701FCD12B3528411048A0D23A27A403
C:\Windows\System32\migwiz\dlmanifests\explorer-DL.man --a---- 2571 bytes [21:19 10/06/2009] [21:19 10/06/2009] 87354E386F0C6B4D1FD4D9301A468C76
C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IE-InternetExplorer-DL.man --a---- 12749 bytes [20:44 13/07/2009] [02:11 02/07/2009] 4C0AF26AE7CB4A8231D81A3FF382FC05
C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-IE-InternetExplorer-repl.man --a---- 33037 bytes [20:44 13/07/2009] [02:11 02/07/2009] BC453CA6B054CC5BD5CD3579B244945D
C:\Windows\System32\spp\tokens\ppdlic\explorer-ppdlic.xrm-ms --a---- 3065 bytes [00:07 03/04/2010] [05:59 31/10/2009] 4EEC220C7268BEDA3A76C9622EAFB6BB
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx --a---- 69632 bytes [03:03 10/11/2006] [03:06 10/11/2006] A55FE49683C29388694AF6AC8D49B480
C:\Windows\winsxs\Backup\x86_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_6.1.7600.16385_en-us_534f06a653f639de_explorerframe.dll.mui_074caeb5 --a---- 18432 bytes [04:56 14/07/2009] [04:56 14/07/2009] BC486AFF277CD6AE2406FA1FE1B09D56
C:\Windows\winsxs\Backup\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16385_none_c2535f86d5247c4b.manifest --a---- 46850 bytes [02:19 14/07/2009] [02:18 14/07/2009] C3A3A05890BEFE40188AADD02C4E4F5C
C:\Windows\winsxs\Backup\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16385_none_c2535f86d5247c4b_explorerframe.dll_f3ae0f78 --a---- 1495040 bytes [02:19 14/07/2009] [02:18 14/07/2009] FD13400115D3D0D70E087AB826DF593A
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms --a---- 4160 bytes [02:19 14/07/2009] [07:06 12/08/2010] 9761EA1F85A2E03837A168CF401F077D
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms --a---- 2704 bytes [04:56 14/07/2009] [04:56 14/07/2009] 87CEF3BC66A0E4A6F2AACE7427F5B139
C:\Windows\winsxs\Manifests\x86_microsoft-windows-e..orkexplorersettings_31bf3856ad364e35_6.1.7600.16385_none_b10b3efc38367506.manifest --a---- 4276 bytes [01:49 14/07/2009] [01:44 14/07/2009] 254998FE06214E791BAB8F9489C10741
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065.manifest --a---- 2146 bytes [04:54 14/07/2009] [02:28 14/07/2009] A7A71DBDBB58D2B9A16B53112AA6CB98
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorerframe_31bf3856ad364e35_6.1.7600.16385_none_c2535f86d5247c4b.manifest --a---- 46850 bytes [02:03 14/07/2009] [01:53 14/07/2009] C3A3A05890BEFE40188AADD02C4E4F5C
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430.manifest --a---- 98185 bytes [02:03 14/07/2009] [01:47 14/07/2009] 429C0097C3A7DDF7254FBA9263AA2DE3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878.manifest ------- 98185 bytes [00:05 03/04/2010] [12:20 03/08/2009] B86A48DDFFE3CC3CC4AA6B334BD64D82
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1.manifest ------- 98185 bytes [00:05 03/04/2010] [06:15 31/10/2009] AC479F402AC458C10DEE76E8DBF451C7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6.manifest ------- 98185 bytes [00:05 03/04/2010] [12:32 03/08/2009] 12E81217DB91BAE7971963D27049513D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691.manifest ------- 98185 bytes [00:05 03/04/2010] [08:05 31/10/2009] D1D11ECF39A765A450370B6B997A03D4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer-adm_31bf3856ad364e35_6.1.7600.16385_none_56dbccbc86b1ad11.manifest --a---- 2767 bytes [01:52 14/07/2009] [01:52 14/07/2009] 9F9F777D765F485BB6603536A20714E4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e7baabfd05e5435.manifest --a---- 2959 bytes [04:54 14/07/2009] [02:28 14/07/2009] 6806DF6BEBECA9FE94ACC9A25BA8D454
C:\Windows\winsxs\Manifests\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7600.16385_none_41d6a532229096ec.manifest --a---- 41579 bytes [01:55 14/07/2009] [01:55 14/07/2009] 4340A5853875D9BD8F3462A3664165B2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2.manifest --a---- 43816 bytes [01:58 14/07/2009] [01:58 14/07/2009] 3BA1D40362755D9F511915CD8FED4C0D
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..explorer-deployment_31bf3856ad364e35_8.0.7600.16385_none_6857ecc1f16095bc.manifest --a---- 19130 bytes [04:48 14/07/2009] [04:48 14/07/2009] B1D1F19665AC2E90C0AA4957F0AEBD15
C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.7600.16385_en-us_581d10712d1af452.manifest --a---- 2181 bytes [04:54 14/07/2009] [02:29 14/07/2009] 76B77D48608B1AC31BEA00B1BD81DBC7

Searching for "*wininit*"
C:\$WINDOWS.~Q\DATA\Windows\wininit.ini --a---- 120 bytes [19:54 11/12/2007] [19:54 11/12/2007] 123782FDAC6072948187E119D3355191
C:\$WINDOWS.~Q\DATA\Windows\System32\wbem\en-US\wininit.mfl --a---- 714 bytes [08:59 22/04/2009] [06:00 22/04/2009] 4CE464D75D5ABBC3566BD58D6D6C3630
C:\ComboFix\wininit.exe.ND_ --a---- 42 bytes [20:57 18/09/2010] [20:57 18/09/2010] 54F0DCD738CBD64AFFAD8A2ECC38DACF
C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] (Unable to calculate MD5)
C:\Windows\wininit.ini --a---- 120 bytes [19:54 11/12/2007] [19:54 11/12/2007] 123782FDAC6072948187E119D3355191
C:\Windows\PolicyDefinitions\WinInit.admx --a---- 1955 bytes [21:50 13/07/2009] [21:43 10/06/2009] F66D412710F29E576EAF728735E0A520
C:\Windows\PolicyDefinitions\en-US\WinInit.adml --a---- 2026 bytes [04:55 14/07/2009] [02:07 14/07/2009] 5A55EFE78F5DE3C24FAD6717DE1A550F
C:\Windows\System32\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\System32\wininit2.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] 785B118B4FDD79DB5396A0E02D862F94
C:\Windows\System32\en-US\wininit.exe.mui --a---- 5120 bytes [04:55 14/07/2009] [02:05 14/07/2009] 0CA1666E3535B8045352649498A8E1A6
C:\Windows\System32\wbem\wininit.mof --a---- 1756 bytes [21:50 13/07/2009] [20:37 13/07/2009] DCAC8F9E0C0E855E43A5F3AFE90B5377
C:\Windows\System32\wbem\en-US\wininit.mfl --a---- 714 bytes [04:55 14/07/2009] [02:09 14/07/2009] 4CE464D75D5ABBC3566BD58D6D6C3630
C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_453be6e96bdadb18.manifest --a---- 2385 bytes [04:56 14/07/2009] [04:56 14/07/2009] 405BF50ADF523362C30ABC6BBBCE046F
C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_453be6e96bdadb18_wininit.exe.mui_997435f5 --a---- 5120 bytes [04:56 14/07/2009] [04:56 14/07/2009] 0CA1666E3535B8045352649498A8E1A6
C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13.manifest --a---- 6046 bytes [02:19 14/07/2009] [02:17 14/07/2009] 0D1BDAC2FC5B6AA6AD48294504CDA38B
C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13_wininit.exe_7a527f28 --a---- 96256 bytes [02:19 14/07/2009] [02:17 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13_wmsgapi.dll_2b5c2330 --a---- 11264 bytes [02:19 14/07/2009] [02:17 14/07/2009] D412B1B72C5AB020218E9A047D90CA05
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_63b5b48dad59658b.manifest --a---- 2447 bytes [04:54 14/07/2009] [02:28 14/07/2009] AC10F667664D75C052C465E02FBC430F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-adm_31bf3856ad364e35_6.1.7600.16385_none_ddc6dbfea8e7f0b8.manifest --a---- 2747 bytes [01:53 14/07/2009] [01:53 14/07/2009] EB5D4DCFBCE67B67F1C38F01ED471207
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-events_31bf3856ad364e35_6.1.7600.16385_none_7d8e4341ddaa9aa7.manifest --a---- 8164 bytes [02:03 14/07/2009] [01:46 14/07/2009] D6A35D73569AED8FA9E141C10A9D4F14
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_67fe9b5ab462e835.manifest --a---- 2243 bytes [04:54 14/07/2009] [02:28 14/07/2009] F4C9E64AFF0FCF6D25309187BA0C2411
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-mof_31bf3856ad364e35_6.1.7600.16385_none_dab7329caadd1b06.manifest --a---- 2221 bytes [02:03 14/07/2009] [01:49 14/07/2009] 94AE43446F699FD376B90E20DA94AB44
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_453be6e96bdadb18.manifest --a---- 2385 bytes [04:54 14/07/2009] [02:28 14/07/2009] 405BF50ADF523362C30ABC6BBBCE046F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13.manifest --a---- 6046 bytes [02:03 14/07/2009] [01:47 14/07/2009] 0D1BDAC2FC5B6AA6AD48294504CDA38B
C:\Windows\winsxs\x86_microsoft-windows-wininit-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_63b5b48dad59658b\WinInit.adml --a---- 2026 bytes [04:55 14/07/2009] [02:07 14/07/2009] 5A55EFE78F5DE3C24FAD6717DE1A550F
C:\Windows\winsxs\x86_microsoft-windows-wininit-adm_31bf3856ad364e35_6.1.7600.16385_none_ddc6dbfea8e7f0b8\WinInit.admx --a---- 1955 bytes [21:50 13/07/2009] [21:43 10/06/2009] F66D412710F29E576EAF728735E0A520
C:\Windows\winsxs\x86_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_67fe9b5ab462e835\wininit.mfl --a---- 714 bytes [04:55 14/07/2009] [02:09 14/07/2009] 4CE464D75D5ABBC3566BD58D6D6C3630
C:\Windows\winsxs\x86_microsoft-windows-wininit-mof_31bf3856ad364e35_6.1.7600.16385_none_dab7329caadd1b06\wininit.mof --a---- 1756 bytes [21:50 13/07/2009] [20:37 13/07/2009] DCAC8F9E0C0E855E43A5F3AFE90B5377
C:\Windows\winsxs\x86_microsoft-windows-wininit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_453be6e96bdadb18\wininit.exe.mui --a---- 5120 bytes [04:55 14/07/2009] [02:05 14/07/2009] 0CA1666E3535B8045352649498A8E1A6
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

Searching for "*hlp.dat"
No files found.

-= EOF =-

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 23 September 2010 - 09:35 PM

Skip the ESET scan for now.

Please do this next..

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. ComboFix might upload a few suspicious files. Please allow this!! CF will also update. Please allow this!

QUOTE
http://www.bleepingcomputer.com/forums/top...ml#entry1944814

Collect::
C:\Windows\System32\wininit2.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Update then re-run MBAM and post a log.

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the ...button, if you made any changes.
  • Now under the Scan section on the left:
      Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.


Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 September 2010 - 09:10 PM

Are you still there?

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 28 September 2010 - 06:53 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



