IE 8 Redirect problem


  • This topic is locked
8 replies to this topic

#1 Teksaavy

Posted 16 November 2011 - 03:53 PM

For the past few days, my web browsers keep getting re-directed to a couple of scam websites like quizfinddomain.com. I've run numerous virus / malware programs to try to get rid of it, but no matter how many times I remove these "trojans", the problems and new files return. I followed your instructions, and I'll attach the dds and gmer printouts I received. I've also gotten TCP/IP stack overflow warnings. It also appears that my INTRANET sites are working OK, they do not re-direct. Is this something to do with the DNS?

Edited by Teksaavy, 17 November 2011 - 12:27 PM.


#2 myrti

Posted 20 November 2011 - 09:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Teksaavy

Posted 22 November 2011 - 10:45 AM

OK, a little more info. Web browser re-directs. Keep blocking the OTL files, regardless of file name I choose or extension, I'm going to boot safe mode and see if I can transfer from thumb drive. Eventually virus shuts down or re-boots my system, I'm doing this from a different desktop computer. Infected machine is a t400 thinkpad with XP sp3 32 bit. I've run malwarebytes, superantispyware, iobit malware fighter, Advanced system care, and ThreatFire. I'm still infected.

#4 myrti

Posted 22 November 2011 - 04:36 PM

Hi,

as I have had a lot of users needing to resort to linux live-cds, I would like to ask you if you happen to own one. If so we could try to fix the PC from the CD and only run the scans once your PC is back online acting more or less normally.

regards myrti



#5 Teksaavy

Posted 29 November 2011 - 02:39 PM

I was able to run OTL once I moved it during a SAFE mode boot, so whatever was stopping me from moving the file onto my PC does not load/run in safe mode, but DOES during a normal boot. I don't know much about linux, but I guess I could download a version and create a bootable CD if all else fails.
OTL OUTPUTS:

OTL logfile created on: 11/29/2011 9:57:23 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kmoynih\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.90 Gb Total Physical Memory | 0.30 Gb Available Physical Memory | 15.98% Memory free
3.75 Gb Paging File | 1.59 Gb Available in Paging File | 42.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.36 Gb Total Space | 193.19 Gb Free Space | 66.08% Space Free | Partition Type: NTFS
Drive J: | 150.00 Gb Total Space | 25.61 Gb Free Space | 17.07% Space Free | Partition Type: NTFS
Drive T: | 652.00 Gb Total Space | 127.33 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Drive V: | 512.01 Gb Total Space | 359.21 Gb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive W: | 150.00 Gb Total Space | 7.54 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
Drive X: | 499.99 Gb Total Space | 34.42 Gb Free Space | 6.88% Space Free | Partition Type: NTFS

Computer Name: CREM-KMOYNIH | User Name: kmoynih | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 10:39:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmoynih\Desktop\WEB_Pro.scr
PRC - [2011/11/14 13:29:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/14 13:29:24 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/08 17:34:22 | 004,441,944 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/09/08 08:52:10 | 000,035,840 | ---- | M] (OCS Inventory NG) -- C:\Program Files\OCS Inventory Agent\OcsService.exe
PRC - [2011/09/08 08:52:08 | 000,057,344 | ---- | M] (OCS Inventory NG) -- C:\Program Files\OCS Inventory Agent\OcsSystray.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/04 09:50:04 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
PRC - [2011/08/04 09:49:59 | 000,402,744 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
PRC - [2011/06/16 21:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/06/02 00:39:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011/06/02 00:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/06/02 00:39:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/05/30 14:18:14 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/04/26 09:50:48 | 001,227,776 | ---- | M] () -- C:\CalSync.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/04/14 13:48:52 | 000,193,896 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2011/04/14 13:48:46 | 000,189,800 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2011/04/14 13:48:42 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2011/04/14 13:48:40 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/01/12 16:05:00 | 000,992,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/12/20 20:48:36 | 000,488,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/28 19:49:28 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/11/23 18:30:28 | 000,155,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/25 16:33:52 | 000,071,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetMsg.exe
PRC - [2010/10/25 16:33:50 | 000,080,224 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
PRC - [2010/10/25 16:33:40 | 000,723,808 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
PRC - [2010/10/25 16:33:20 | 000,354,144 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
PRC - [2010/10/25 16:33:14 | 000,379,232 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClient.exe
PRC - [2010/10/25 16:17:00 | 000,210,200 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\AT&T Global Network Client\wwansm\SwiApiMux.exe
PRC - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/10/22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2010/09/22 13:18:46 | 001,463,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2010/09/22 13:18:46 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/16 15:13:40 | 000,531,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Policy Auditor Agent\PASysTray.exe
PRC - [2010/08/11 12:53:12 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Audit Manager\AuditManagerService.exe
PRC - [2010/06/03 18:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/04/01 13:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/18 09:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/10/29 10:00:50 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.0\AGCoreService.exe
PRC - [2009/08/04 07:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/07/23 03:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\Mouse\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/19 07:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 07:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2009/03/12 20:12:52 | 000,172,032 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
PRC - [2009/03/04 23:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/11/24 17:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2007/09/27 09:53:34 | 000,010,240 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
PRC - [2007/09/27 09:53:30 | 001,114,112 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
PRC - [2007/05/22 16:33:36 | 003,297,280 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2007/04/13 05:50:00 | 000,251,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/06/30 00:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/10/23 23:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/03/24 16:14:22 | 000,077,824 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPsdkServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/29 08:25:17 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/29 08:25:16 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/14 11:29:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/14 11:29:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/10 19:19:05 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/11/10 19:18:34 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\be23c163048bbb0f72cfa339ef0eb193\log4net.ni.dll
MOD - [2011/11/10 19:17:58 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/11/10 19:17:54 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/11/10 19:17:39 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/11/10 19:17:34 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/11/10 19:17:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/11/10 19:17:02 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/11/10 19:16:47 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/11/08 14:49:58 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/08 14:49:44 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/08 14:49:42 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/11/08 14:49:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/11/08 14:49:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/11/08 14:49:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/08 14:49:12 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/18 13:20:32 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/18 13:20:32 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/18 13:20:30 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/18 13:20:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/18 13:20:25 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/18 13:20:24 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/18 13:20:23 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/18 13:20:22 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/18 13:20:18 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/18 13:20:08 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/10/09 17:19:50 | 000,870,232 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2011/09/19 02:59:14 | 000,465,632 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2011/07/13 10:05:34 | 000,067,584 | ---- | M] () -- C:\Program Files\OCS Inventory Agent\zlib1.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2011/06/16 21:40:38 | 000,034,128 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2011/06/16 21:40:30 | 000,045,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2011/06/16 21:40:14 | 000,128,336 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2011/06/16 21:39:52 | 000,023,872 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2011/06/02 00:39:00 | 000,054,272 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2011/06/02 00:39:00 | 000,041,984 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/04/26 09:50:48 | 001,227,776 | ---- | M] () -- C:\CalSync.exe
MOD - [2011/04/14 11:39:46 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
MOD - [2011/04/14 11:33:56 | 000,258,048 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2011/04/14 11:33:54 | 000,044,544 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2011/04/14 11:33:50 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2011/02/24 21:34:51 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/24 21:34:50 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/24 21:34:46 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/24 21:34:46 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/24 21:34:46 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/24 21:34:45 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/24 21:34:45 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/24 21:34:44 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/24 21:34:43 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/24 21:34:43 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/24 21:34:42 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/12 16:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2010/10/25 16:20:40 | 000,274,432 | ---- | M] () -- C:\Program Files\AT&T Global Network Client\skin\NetSkin.style
MOD - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
MOD - [2010/09/22 13:18:56 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2010/08/11 12:43:12 | 000,026,624 | ---- | M] () -- C:\Program Files\McAfee\Policy Auditor Agent\XalanMessages_1_10.dll
MOD - [2010/08/11 12:43:12 | 000,026,624 | ---- | M] () -- C:\Program Files\McAfee\Audit Manager\XalanMessages_1_10.dll
MOD - [2010/06/23 22:29:56 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/03 20:57:42 | 000,679,936 | ---- | M] () -- C:\Program Files\McAfee\Policy Auditor Agent\boost_regex-vc80-mt-1_39.dll
MOD - [2010/03/03 20:57:42 | 000,679,936 | ---- | M] () -- C:\Program Files\McAfee\Audit Manager\boost_regex-vc80-mt-1_39.dll
MOD - [2010/02/14 15:55:47 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/14 15:55:45 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/14 15:55:45 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/02/14 15:55:44 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/14 15:55:40 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/14 15:55:40 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/14 15:55:39 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/14 15:55:39 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/14 15:55:38 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/14 15:55:38 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/14 15:55:38 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/11/03 05:55:15 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
MOD - [2009/11/03 05:55:15 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.classic.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\Mouse\SetPoint\khalwrapper.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009/03/19 07:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
MOD - [2009/03/19 07:51:48 | 000,634,880 | ---- | M] () -- C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2009/03/12 20:12:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll
MOD - [2009/03/12 20:12:48 | 000,007,680 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\en-US\LocalizationWrapper.resources.dll
MOD - [2009/03/12 20:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll
MOD - [2009/03/12 20:12:46 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll
MOD - [2008/11/24 17:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2008/11/24 17:28:58 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2008/11/24 17:28:58 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/27 04:05:54 | 000,114,688 | ---- | M] () -- C:\notes\nimuires.dll
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2006/06/30 00:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2003/11/03 17:46:11 | 001,425,408 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RegSrvc) Intel®
SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - [2011/11/14 13:29:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/09/08 08:52:10 | 000,035,840 | ---- | M] (OCS Inventory NG) [Auto | Running] -- C:\Program Files\OCS Inventory Agent\OcsService.exe -- (OCS Inventory Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/06/16 21:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/06/02 00:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/06/02 00:39:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/06/02 00:39:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/05/30 14:18:14 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/04/14 13:48:42 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2011/04/14 13:48:40 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/12/20 20:48:36 | 000,488,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/28 19:49:28 | 000,145,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/11/23 18:30:28 | 000,155,712 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2010/10/25 16:33:50 | 000,080,224 | ---- | M] (AT&T) [On_Demand | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2010/10/25 16:33:40 | 000,723,808 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2010/10/25 16:33:20 | 000,354,144 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2010/10/22 20:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/10/22 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/10/22 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/11 12:53:12 | 000,200,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Audit Manager\AuditManagerService.exe -- (McAfeeAuditManager)
SRV - [2009/11/18 09:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/29 10:00:50 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.0\AGCoreService.exe -- (AGCoreService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/03/19 07:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 07:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 07:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 07:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2009/03/04 23:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/11/24 17:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 10:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/14 07:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/04/13 05:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/04/13 05:50:00 | 000,251,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/30 00:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/08/23 12:41:08 | 000,931,584 | ---- | M] (Zone Labs Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2003/03/24 16:14:22 | 000,077,824 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPsdkServ.exe -- (PGPsdkServ)


========== Driver Services (SafeList) ==========

DRV - [2011/10/08 17:04:42 | 000,239,472 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/10/06 23:27:00 | 000,039,336 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FireNfcp.sys -- (FireNfcp)
DRV - [2011/09/20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/27 10:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/06/02 00:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/06/02 00:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011/04/08 16:24:24 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2011/04/08 16:23:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/20 20:53:14 | 000,145,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/28 19:49:28 | 000,436,088 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/11/28 19:49:28 | 000,331,016 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/11/28 19:49:28 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/11/28 19:49:28 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/11/28 19:49:28 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/11/28 19:49:28 | 000,082,888 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/11/28 19:49:28 | 000,082,888 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/11/26 17:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/25 16:16:56 | 000,199,680 | R--- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2010/10/22 20:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/22 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/10/22 20:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/18 13:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/04/07 15:06:40 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2010/04/05 16:17:46 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2010/04/05 16:01:56 | 000,011,392 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/17 21:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/08/04 07:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/07/15 17:37:52 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/23 11:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/03/20 00:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/11/25 19:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/25 02:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/25 23:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/02/22 17:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 16:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/04/13 05:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/28 14:44:06 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2005/11/28 14:44:04 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/07/20 14:45:54 | 000,275,872 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/09/03 12:31:42 | 001,915,837 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cpmt.sys -- (Cpmt)
DRV - [2004/09/03 12:31:42 | 000,035,693 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdpPacket.sys -- (CdpPacket)
DRV - [2003/03/24 16:14:44 | 000,026,624 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2003/03/24 16:12:52 | 000,170,560 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://cnhads01.us-man.celestica.com/proxy/cel-man.pac

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://cnhads01.us-man.celestica.com/proxy/cel-man.pac

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://clsdb05.ca-chq.celestica.com/comm/global/global.nsf
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = Celestica;connections.celestica.com;192.168.*.*;*.local;<local>
IE - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.70.4.6:8080

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\kmoynih\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/11 10:17:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/04 12:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/11 10:17:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Switch Proxy Plugin (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.0.11208.1\plugin/blackfishietab.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\kmoynih\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: TigerDirect search = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aopajcojggoejbhkmfakmpggpnphhomb\1.0\
CHR - Extension: Type-ahead-find = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejhkmbpkbadpjkacgcjbpngepiclnblb\0.0.2\
CHR - Extension: 1-ClickWeather for Chrome = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3\
CHR - Extension: Sports Illustrated Snapshot = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhpknagfeicadegdhaipgklmnpekbgeb\1.5_0\
CHR - Extension: IE Tab = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\1.0.11208.1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Bubble Translate = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf\1.5\
CHR - Extension: Poppit = C:\Documents and Settings\kmoynih\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Reg Error: Value error. File not found
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - Reg Error: Value error. File not found
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O2 - BHO: (Boston Red Sox Toolbar) - {d40eb577-b16f-411b-81dc-afedf8b60a50} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - Reg Error: Value error. File not found
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Boston Red Sox Toolbar) - {d40eb577-b16f-411b-81dc-afedf8b60a50} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..\Toolbar\WebBrowser: (Boston Red Sox Toolbar) - {D40EB577-B16F-411B-81DC-AFEDF8B60A50} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfee Policy Auditor Tray Icon] C:\Program Files\McAfee\Policy Auditor Agent\PASysTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974..\Run: [CalSync.exe] C:\CalSync.exe ()
O4 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\Mouse\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk = C:\Program Files\OCS Inventory Agent\OcsSystray.exe (OCS Inventory NG)
O4 - Startup: C:\Documents and Settings\kmoynih\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Save Page As PDF ... - C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: celestica.com ([torcnf01.ca-tor] http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: mail.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: celestica.com ([torcnf01.ca-tor] http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: mail.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: celestica.com ([clsdb05.ca-chq] http in Local intranet)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: celestica.com ([eetime] https in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: celestica.com ([salproxy.us-sal] * in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: celestica.com ([torcnf01.ca-tor] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: citrix.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: compusa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: extremefeeds.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: fda.gov ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: gmodules.com ([ig] * in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: iobit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: mail.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: partminer.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: verizon.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: verizon.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2784361697-1073841805-3558509832-46974\..Trusted Domains: yorkcast.com ([fda] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://chqqkr00.americas.ad.celestica.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://clsml12.ca-chq.celestica.com/iNotes6.cab (iNotes6 Class)
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab (Ovi maps browser plugin)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257245238953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264603025798 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {838BAB8D-43B6-456C-A2B3-C119BDAFA221} https://impact-enterprise.rny.ihost.com/IM/Monitor247Attach.CAB (Monitor247Attach.AJAXUpload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://celestica.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.ad.celestica.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{880B9C94-EC12-4325-9246-75A37FFA92E2}: NameServer = 10.141.26.18,10.33.32.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B67ECC5D-B203-4F10-95BB-5B5842812573}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) -C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kmoynih\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a1d614a-d84a-11de-b3b8-001e65cb24fc}\Shell - "" = AutoRun
O33 - MountPoints2\{4a1d614a-d84a-11de-b3b8-001e65cb24fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a1d614a-d84a-11de-b3b8-001e65cb24fc}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAISS/CAInstallationMenu.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.PLCMg719 - C:\WINDOWS\System32\PLCMg719.acm (Polycom, Inc.)
Drivers32: msacm.PLCMg7221 - C:\WINDOWS\System32\PLCMg7221.acm (Polycom, Inc.)
Drivers32: msacm.PLCMg729A - C:\WINDOWS\System32\PLCMg729A.acm (Polycom, Inc.)
Drivers32: msacm.PLCMsiren - C:\WINDOWS\System32\PLCMsiren.acm (Polycom, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 00:18:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kmoynih\Desktop\WEB_Pro.scr
[2011/11/18 14:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmoynih\My Documents\CAPA Cert_files
[2011/11/17 19:11:18 | 028,310,672 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\kmoynih\Desktop\IS_AP_STA_RT2860_D-3.2.1.0_VA-3.2.1.0_W7-3.2.1.0_RU-4.1.1.0_AU-4.1.0.0_051911_1.5.12.0WP_Free.exe
[2011/11/16 20:44:03 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\kmoynih\Desktop\RootRepeal.exe
[2011/11/16 12:45:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\kmoynih\Desktop\dds.scr
[2011/11/16 09:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/15 23:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Browser Hijack Recover(BHR)
[2011/11/15 10:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/11/14 16:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2011/11/14 16:40:12 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/11/14 16:40:12 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/11/14 16:40:12 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/11/14 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/11/14 16:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/14 11:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmoynih\Application Data\SUPERAntiSpyware.com
[2011/11/14 11:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/14 11:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/14 11:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/14 11:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/12 15:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Anti Hacker
[2011/11/12 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anti Hacker
[2011/11/11 21:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/11 17:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/11 14:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/10 22:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/10 15:42:44 | 000,000,000 | ---D | C] -- C:\Quarantine
[2011/11/09 22:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmoynih\My Documents\VSO Downloader
[2011/11/09 22:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmoynih\Application Data\vso
[2011/11/09 22:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/11/09 11:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\OCS Inventory Agent
[2011/11/09 11:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OCS Inventory NG
[2011/11/09 11:11:57 | 000,000,000 | ---D | C] -- C:\OCS
[2009/11/30 16:38:53 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2009/11/09 12:51:22 | 000,253,952 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\NPSWF32.dll
[2009/11/03 11:49:33 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2009/11/03 11:49:32 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2009/11/03 11:49:31 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2009/11/03 11:49:30 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2009/10/08 22:31:21 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/10/08 22:31:18 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\Documents and Settings\kmoynih\*.tmp files -> C:\Documents and Settings\kmoynih\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/29 10:20:49 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2784361697-1073841805-3558509832-46974.job
[2011/11/29 10:20:49 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2784361697-1073841805-3558509832-46974.job
[2011/11/29 09:44:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/29 09:41:02 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2784361697-1073841805-3558509832-46974UA.job
[2011/11/29 09:34:03 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 08:25:41 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Global Network Client.lnk
[2011/11/29 08:24:32 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\kmoynih\.rnd
[2011/11/29 08:23:51 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/11/29 08:23:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 08:23:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/29 08:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/11/29 08:23:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/11/29 08:13:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/11/29 08:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/29 08:13:20 | 2038,460,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/29 08:08:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F36B87D-FFEB-4759-91BA-37B2482ECED4}.job
[2011/11/29 08:06:13 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/11/29 07:55:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/11/25 23:50:00 | 000,002,192 | ---- | M] () -- C:\CalSync.settings
[2011/11/22 17:38:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/11/22 12:41:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2784361697-1073841805-3558509832-46974Core.job
[2011/11/22 10:39:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmoynih\Desktop\WEB_Pro.scr
[2011/11/22 10:17:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\kmoynih\Start Menu\Programs\Startup\Webshots.lnk
[2011/11/21 22:32:54 | 000,472,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/21 17:28:42 | 000,074,710 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\scheduleoffees_color[1].pdf
[2011/11/21 17:13:44 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/11/21 17:13:44 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2011/11/18 18:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/11/18 14:58:33 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\CAPA Cert.htm
[2011/11/17 19:14:56 | 028,310,672 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\kmoynih\Desktop\IS_AP_STA_RT2860_D-3.2.1.0_VA-3.2.1.0_W7-3.2.1.0_RU-4.1.1.0_AU-4.1.0.0_051911_1.5.12.0WP_Free.exe
[2011/11/17 18:57:24 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/16 20:59:47 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\settings.dat
[2011/11/16 20:44:03 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\kmoynih\Desktop\RootRepeal.exe
[2011/11/16 20:09:42 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\RootRepeal.zip
[2011/11/16 15:02:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\gmer.exe
[2011/11/16 14:43:50 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\gmer.zip
[2011/11/16 12:58:33 | 002,547,882 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\Tahoe P&S.pdf
[2011/11/16 12:45:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\kmoynih\Desktop\dds.scr
[2011/11/16 11:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/16 10:40:05 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleaner.job
[2011/11/16 10:11:52 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/15 23:46:54 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\kmoynih\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2011/11/15 23:46:54 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\Browser Hijack Recover(BHR).lnk
[2011/11/14 11:27:34 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/12 00:21:03 | 000,034,809 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\qUALITY sYSTEMS _certificate.pdf
[2011/11/11 21:05:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/11 21:05:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/11 20:42:34 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/11/11 20:42:34 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/11/11 13:06:15 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\s2CC4XD.dat
[2011/11/11 13:03:56 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\05F4HkyS.exe_.b
[2011/11/11 13:03:56 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\05F4HkyS.exe.b
[2011/11/10 11:39:55 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\kmoynih\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 22:14:09 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/11/09 15:30:00 | 001,670,230 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\MCS Global Newsletter Q3 2011.pdf
[2011/11/09 13:56:26 | 000,016,893 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\Passing an FDA Inspection Cert.pdf
[2011/11/09 13:16:49 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\kmoynih\Desktop\Document Shortcut.shb
[2011/11/09 12:12:56 | 000,046,823 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\Yankee Candle Coupon.pdf
[2011/11/09 11:14:17 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk
[2011/11/09 11:14:11 | 000,000,187 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/11/08 17:29:56 | 000,573,776 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 17:29:56 | 000,120,886 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 10:59:15 | 000,028,519 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\Rachael Ray - Cranberry Sauce.pdf
[2011/11/01 20:33:39 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\Notes files.job
[2011/11/01 10:00:45 | 000,000,804 | ---- | M] () -- C:\WINDOWS\tasks\Documents backup.job
[2011/11/01 09:33:47 | 000,133,861 | ---- | M] () -- C:\Documents and Settings\kmoynih\My Documents\2011 FID_lic_app.pdf
[2011/10/31 13:42:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[1 C:\Documents and Settings\kmoynih\*.tmp files -> C:\Documents and Settings\kmoynih\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/29 08:13:36 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/11/29 07:47:34 | 2038,460,416 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/21 17:28:42 | 000,074,710 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\scheduleoffees_color[1].pdf
[2011/11/21 17:13:44 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2011/11/21 17:13:43 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Standard.lnk
[2011/11/21 17:13:43 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
[2011/11/18 14:58:32 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\CAPA Cert.htm
[2011/11/17 17:15:51 | 001,665,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/16 20:52:54 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\settings.dat
[2011/11/16 20:09:40 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\RootRepeal.zip
[2011/11/16 17:23:59 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\kmoynih\.rnd
[2011/11/16 15:02:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\gmer.exe
[2011/11/16 14:43:48 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\gmer.zip
[2011/11/16 12:58:33 | 002,547,882 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\Tahoe P&S.pdf
[2011/11/15 23:46:54 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\kmoynih\Application Data\Microsoft\Internet Explorer\Quick Launch\Browser Hijack Recover(BHR).lnk
[2011/11/15 23:46:54 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\Browser Hijack Recover(BHR).lnk
[2011/11/14 11:27:34 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/12 00:21:03 | 000,034,809 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\qUALITY sYSTEMS _certificate.pdf
[2011/11/11 13:10:17 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/11/11 13:10:16 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/11/11 13:03:56 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\05F4HkyS.exe_.b
[2011/11/11 13:03:56 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\05F4HkyS.exe.b
[2011/11/11 12:57:38 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\s2CC4XD.dat
[2011/11/09 22:14:09 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/11/09 15:29:41 | 001,670,230 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\MCS Global Newsletter Q3 2011.pdf
[2011/11/09 13:56:26 | 000,016,893 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\Passing an FDA Inspection Cert.pdf
[2011/11/09 13:16:48 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\kmoynih\Desktop\Document Shortcut.shb
[2011/11/09 12:12:56 | 000,046,823 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\Yankee Candle Coupon.pdf
[2011/11/09 11:14:17 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk
[2011/11/08 10:59:15 | 000,028,519 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\Rachael Ray - Cranberry Sauce.pdf
[2011/11/01 09:33:47 | 000,133,861 | ---- | C] () -- C:\Documents and Settings\kmoynih\My Documents\2011 FID_lic_app.pdf
[2011/10/24 10:59:08 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/24 10:59:08 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/07/20 15:38:34 | 000,390,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/07 12:14:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/20 21:18:57 | 000,146,787 | ---- | C] () -- C:\Documents and Settings\kmoynih\Application Data\MMUpgrade.jpg
[2011/03/03 16:09:34 | 000,100,828 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/19 10:03:27 | 000,608,112 | ---- | C] () -- C:\Documents and Settings\kmoynih\Local Settings\Application Data\wanancsp.dat
[2010/12/13 16:11:12 | 000,023,100 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2010/10/25 16:17:02 | 000,271,686 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2010/10/21 14:07:53 | 000,001,546 | ---- | C] () -- C:\WINDOWS\LMAAR2DD.ini
[2010/09/22 13:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010/08/23 22:41:27 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/05/24 21:51:13 | 000,250,890 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/05/24 21:03:26 | 000,077,376 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/05/24 20:58:33 | 000,259,274 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/05/24 13:50:57 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/05/19 16:45:53 | 000,177,777 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2010/05/19 16:45:53 | 000,002,428 | ---- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2010/05/06 14:58:44 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/04/21 14:47:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\kmoynih\Local Settings\Application Data\PUTTY.RND
[2010/02/25 11:38:52 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2010/02/24 11:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/01/07 12:52:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/08 12:07:59 | 000,022,743 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/04 09:32:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/30 16:22:14 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\kmoynih\Local Settings\Application Data\fusioncache.dat
[2009/11/12 16:39:28 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\kmoynih\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 13:01:26 | 000,000,187 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/11/09 17:35:44 | 000,000,039 | ---- | C] () -- C:\WINDOWS\pos.ini
[2009/11/09 12:38:18 | 000,000,084 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2009/11/06 15:55:48 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2009/11/06 15:26:05 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/04 02:34:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PGPtclP11.dll
[2009/11/04 02:25:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/03 11:58:47 | 000,016,660 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/11/03 11:49:31 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2009/11/03 11:49:31 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2009/11/03 11:47:28 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2009/11/03 11:47:28 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2009/11/03 11:47:28 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2009/11/03 11:47:27 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2009/11/03 11:47:27 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2009/11/03 11:41:39 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2009/11/03 11:41:38 | 000,002,587 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009/11/03 11:41:38 | 000,000,262 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2009/11/03 11:41:38 | 000,000,053 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2009/11/03 05:16:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2009/10/08 23:02:00 | 000,000,456 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/08 22:46:32 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/10/08 22:45:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2009/10/08 22:45:27 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/10/08 22:42:23 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/08 22:42:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/08 22:39:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/10/08 22:39:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/10/08 22:39:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/10/08 22:39:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/10/08 22:39:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/10/08 22:39:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/10/08 22:32:13 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/10/08 22:32:12 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/10/08 22:31:21 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/10/08 22:31:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/10/08 22:31:20 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/10/08 22:25:59 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/19 07:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 07:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2008/07/22 10:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 17:50:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 17:50:00 | 000,573,776 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 17:50:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 17:50:00 | 000,120,886 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 17:50:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 17:49:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 17:49:59 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 17:49:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 17:49:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 17:49:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 17:49:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 17:49:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 17:04:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 17:00:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 09:55:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 09:55:02 | 000,472,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/27 00:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 00:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1997/05/09 00:00:00 | 000,616,576 | ---- | C] () -- C:\WINDOWS\System32\ICONS1.DLL
[1997/05/09 00:00:00 | 000,422,464 | ---- | C] () -- C:\WINDOWS\System32\ICONS2.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/04/26 09:50:48 | 001,227,776 | ---- | M] () -- C:\CalSync.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


EXTRA:

OTL Extras logfile created on: 11/26/2011 12:19:53 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kmoynih\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.90 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 80.95% Memory free
3.75 Gb Paging File | 3.61 Gb Available in Paging File | 96.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.36 Gb Total Space | 195.08 Gb Free Space | 66.73% Space Free | Partition Type: NTFS
Drive E: | 15.06 Gb Total Space | 14.79 Gb Free Space | 98.25% Space Free | Partition Type: FAT32

Computer Name: CREM-KMOYNIH | User Name: kmoynih | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"427:UDP" = 427:UDP:*:Enabled:IN 427
"161:UDP" = 161:UDP:*:Enabled:Out161
"139:UDP" = 139:UDP:*:Enabled:out139
"9100:TCP" = 9100:TCP:*:Enabled:tcp9100out
"9220:TCP" = 9220:TCP:*:Enabled:tcp9220out
"9290:TCP" = 9290:TCP:*:Enabled:tcp9290out
"9500:TCP" = 9500:TCP:*:Enabled:tcp9500out
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"21112:TCP" = 21112:TCP:*:Enabled:Trend Micro OfficeScan Listener
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"6129:TCP" = 6129:TCP:*:Enabled:dameware
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"5050:TCP" = 5050:TCP:*:Enabled:verizon
"5050:UDP" = 5050:UDP:*:Enabled:Verizon Discovery
"18000:TCP" = 18000:TCP:*:Enabled:verizon stream
"18001:TCP" = 18001:TCP:*:Enabled:Verizon stream 2
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\kmoynih\Local Settings\Temp\7zS128.tmp\setup\HPZnui01.exe" = C:\Documents and Settings\kmoynih\Local Settings\Temp\7zS128.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Cisco Systems\Cisco IP Communicator\Communicator.exe" = C:\Program Files\Cisco Systems\Cisco IP Communicator\Communicator.exe:*:Enabled:Cisco IP Communicator -- (Cisco Systems, Inc.)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP Lite -- (Core FTP)
"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\msmoney.exe" = C:\Program Files\Microsoft Money 2006\MNYCoreFiles\msmoney.exe:*:Enabled:Microsoft Money 2006 -- (Microsoft® Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" = C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe:*:Enabled:Verizon Media Manager.exe -- ()
"C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe" = C:\Program Files\Verizon\Verizon Media Manager\Release\VZVideoAgent.exe:*:Enabled:VZVideoAgent.exe -- (Verizon)
"C:\Program Files\7-Zip\7zFM.exe" = C:\Program Files\7-Zip\7zFM.exe:*:Enabled:7-Zip File Manager -- (Igor Pavlov)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AT&T Global Network Client\SwiApiMux.exe" = C:\Program Files\AT&T Global Network Client\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{05AC4CE9-8846-49E1-9169-6E791ED9A9FC}" = Mobile Broadband Connect
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08333C2F-8219-48E8-8569-E53D4C761882}" = Network Recording Player
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}" = ScanSoft OmniPage 15.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{243FEC33-075C-40D9-A331-988DC984CA92}" = AT&T Global Network Client Managed VPN Edition
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2E3539A3-313C-4FBD-813F-09EDFB6044F8}" = PartMiner CAPS Connect Install
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{332D9DDE-7A4E-40B6-927C-E83F1957C7E7}" = MobileMaster
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{395AD660-EAA2-012B-ADE3-000000000000}" = TurboTax 2009 wmaiper
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3EC80F7E-7B5B-4CB7-9ED2-ABB30FEFC682}" = calibre
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{48804885-8367-42B0-A425-DA558F5CCD04}" = McAfee Policy Auditor Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A39A27F-005B-407E-8CF5-F4D8065658E4}" = SMS Advanced Client
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BBF41F9-AE0E-4DA0-A317-C405B0640B5E}" = Sony Ericsson Sound Editor
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{4D859FC3-59F5-4EC7-BD03-E6D73DB8C7BD}" = Polycom CMA Desktop
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{606D713C-B60C-11D6-A47A-00B0D03E4223}" = SolidWorks 2004 Viewer
"{60DDF5DB-1D28-4C93-BD23-BAF440D0BB67}" = PDF Download for Internet Explorer
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A6E8061-E1E6-4556-9780-29C85C794E02}" = Final Fantasy XI Theme Installer
"{6B005DF6-6B6E-4551-B632-B0001DF50499}" = McAfee Host Intrusion Prevention
"{6B005DF6-6B6E-4551-B632-B0001DF50499}_Uninst" = McAfee Host Intrusion Prevention
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142120}" = Java 2 Runtime Environment, SE v1.4.2_12
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73CFFFCA-133A-4CC8-9903-078B8B0309EC}" = PartMiner CAPS Connect Update
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{a454c267-70b9-3bfc-af15-628bcc82d578}" = Webshots Desktop
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C383CBAD-61FA-417E-B784-2E9F1E843DF2}" = TurboTax 2010 wmaiper
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C491D6F4-8DE9-4B3B-96EB-69D72E9843C2}" = Cisco IP Communicator
"{C4B76E93-3FC2-4E90-81EE-EE62948CFB03}" = Sony Ericsson Mobile Phone Monitor
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C60D55DA-7EE4-4AF4-B911-2C1CD3CEDA19}" = WebEx Productivity Tools
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D6A1A92B-B105-48C5-87B8-D95A975FC9F3}" = 101 VB.NET Samples
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F10572FA-588C-4653-AD22-96AC843D5733}" = Lotus Notes 7.0.3
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"7-Zip" = 7-Zip 4.65
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Able2Extract Professional v6.0" = Able2Extract Professional v6.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Anti Hacker_is1" = Anti Hacker 1.0
"Boston_Red_Sox Toolbar" = Boston Red Sox Toolbar
"Browser Hijack Recover_is1" = Browser Hijack Recover(BHR) 3.0
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HECI" = Intel® Management Engine Interface
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"IObit Malware Fighter_is1" = IObit Malware Fighter
"ITPM" = Intel® Trusted Platform Module
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2006b" = Microsoft Money 2006
"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OCS Inventory NG Agent" = OCS Inventory NG Agent 2.0.1.0
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PGP" = PGP 8.0.2
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® Network Connections Drivers
"PuTTY_is1" = PuTTY version 0.60
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"SAPGUI710" = SAP GUI 7.10
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Trim Spaces for Microsoft Excel_is1" = Trim Spaces for Microsoft Excel 1.1
"TurboFire Controller Customizer_is1" = TurboFire Controller Customizer
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Media Manager" = Verizon Media Manager
"Verizon WiFi Activation_is1" = Verizon WiFi Activation
"verizontb" = Verizon Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2784361697-1073841805-3558509832-46974\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Lenovo-Message Center Plus/Admin Events ]
Error - 10/5/2011 10:10:17 AM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/5/2011 2:12:07 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/17/2011 9:42:03 AM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/17/2011 12:31:49 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/17/2011 4:33:48 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/19/2011 1:46:54 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 10/31/2011 4:12:02 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 11/9/2011 2:19:55 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 11/14/2011 1:48:38 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

Error - 11/14/2011 5:11:17 PM | Computer Name = CREM-KMOYNIH | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (407) Proxy Authentication Required.
-> Exception message: The remote server returned an error: (407) Proxy Authentication
Required.

[ System Events ]
Error - 11/26/2011 1:08:24 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {EB0A2BB8-5AA4-4787-99FE-F92A56BB39CD}

Error - 11/26/2011 1:08:25 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:08:25 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:08:25 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:14:39 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:14:39 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:14:40 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service NetCfgSvr with
arguments "-Service" in order to run the server: {46A32167-3C01-4911-B46C-CCB53F5A98A5}

Error - 11/26/2011 1:17:51 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/26/2011 1:18:34 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/26/2011 1:18:40 AM | Computer Name = CREM-KMOYNIH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >




#6 myrti


Posted 30 November 2011 - 05:35 PM

Hi,

There's an infection around that is very hard to identify from within Windows, but easily identifiable when you get the data from a Linux CD, which is what I would like you to do next:
Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the Linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

Please also run a scan with ComboFix (from within Windows):
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
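
The single sector that the dd command in the post above copies can be sanity-checked offline before it is attached. This is an added example, not part of the original post or of any tool named in the thread; `parse_mbr` and `build_sample` are hypothetical names and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440        # bootstrap code: bytes 0..439
TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Validate a raw first-sector dump and split it into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing at offset 510")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * 16
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {index}: invalid status byte {status:#04x}")
        partitions.append({"index": index, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        # Hash only the code area: the disk signature and table differ per disk.
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def build_sample() -> bytes:
    """Constructed sector for demonstration; not taken from any real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xfa\x33\xc0"                  # placeholder code bytes
    sector[440:444] = bytes.fromhex("78563412")    # constructed disk signature
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    report = parse_mbr(build_sample())
    print(report["code_sha256"], report["disk_signature"])
    for part in report["partitions"]:
        print(part)
```

To inspect a real dump, pass the bytes of the file written by dd to `parse_mbr`; despite the `.zip` name used in the post it is a raw sector image, and an empty file fails the length check. The code-area hash is only meaningful when compared with the same hash taken from a known-clean machine running the same Windows version.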

 



#7 Teksaavy


Posted 06 December 2011 - 04:42 PM

The linux would not mount my hard drive. In order to boot from USB, I had to remove the hard drive, and no matter how fast I reinserted it, the linux never mounted it, I'd get an error, the Zip file it created is empty.
I kept getting an error running Combofix. Can't find NIRKMD. I read online this is caused by my McAfee (I can't disable it, it's a company laptop), same reason I couldn't move the USB up the bootable chain in BIOS. I could try to run Combofix again from safe mode boot if you prefer. Txt file is attached. I had to re-load the keyboard and trackpad after it ran...good thing I have a USB keyboard on my other machine.
Let me know what else I should do, I'll also check to see if my symptoms are gone.

Attached Files



#8 myrti


Posted 06 December 2011 - 08:15 PM

Hi,

Yes, please try running ComboFix from safe mode.

Is the hard drive part of a RAID or special in any other way? As you have the possibility to take the drive, would you also have the possibility to attach it as a removable drive over USB? (You'd need the according casing for it, which I guess is what I'm asking if you own it)

Can you see the BIOS boot order or is your access to the BIOS completely blocked?

How is the PC doing? ComboFix still did a good chunk of work according to the logs.
regards myrti



#9 myrti


Posted 03 January 2012 - 07:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
