Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacker.Tubby Removal

Started by ardoc14 , Apr 28 2011 05:24 PM

  • This topic is locked This topic is locked

#1
ardoc14
Posted 28 April 2011 - 05:24 PM

ardoc14

    Member

  • Member
  • PipPip
  • 15 posts
Hello,

I was running a scan with SUPERAntispyware and it showed that i am infected with Browser Hijacker.Tubby, After the scan finished i went through the process of cleaning, but after i ran the scan again the same malware showed. Please help me remove it or is it something that will not cause any damage. Computer and the browser are running fine. I have Symantec antivirus currently installed.

Thank You.
  • 0

Advertisements

#2
sempai
Posted 03 May 2011 - 07:19 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello ardoc14 and welcome to G2G :),

Please read Malware and Spyware Cleaning Guide then post the required logs and we will begin from there. Thanks.
  • 0

#3
ardoc14
Posted 03 May 2011 - 04:56 PM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
First thanks for taking the time to help me with this issue.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2011 at 06:48 PM

Application Version : 4.51.1000

Core Rules Database Version : 6863
Trace Rules Database Version: 4675

Scan type : Complete Scan
Total Scan Time : 00:04:05

Memory items scanned : 461
Memory threats detected : 0
Registry items scanned : 9490
Registry threats detected : 10
File items scanned : 61
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@atdmt[1].txt
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@specificclick[2].txt
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@specificmedia[1].txt
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@tribalfusion[2].txt
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@doubleclick[1].txt
C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Cookies\arjon@serving-sys[2].txt

Browser Hijacker.Tubby
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize






And this is the log from OTS :

OTS logfile created on: 5/3/2011 6:52:49 PM - Run 3
OTS by OldTimer - Version 3.1.42.0     Folder = C:\Users\Arjon\Desktop\New folder
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 189.31 Gb Free Space | 41.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 9.77 Gb Total Space | 3.74 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
 
Computer Name: ARJON-THINK
Current User Name: Arjon
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Quick Scan
 
[Processes - Safe List]
ots.exe -> C:\Users\Arjon\Desktop\New folder\OTS.exe -> [2011/04/30 15:19:34 | 000,645,632 | ---- | M] (OldTimer Tools)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2011/04/22 09:07:58 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com)
pwmewsvc.exe -> C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -> [2011/04/19 03:52:00 | 000,143,360 | ---- | M] ()
schtask.exe -> C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE -> [2011/04/19 03:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited)
tuneuputilitiesapp32.exe -> C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe -> [2011/03/30 19:01:50 | 000,671,552 | ---- | M] (TuneUp Software)
tuneuputilitiesservice32.exe -> C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -> [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software)
vmnetdhcp.exe -> C:\Windows\System32\vmnetdhcp.exe -> [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.)
vmware-tray.exe -> C:\Program Files\VMware\VMware Workstation\vmware-tray.exe -> [2011/03/25 23:51:34 | 000,129,648 | ---- | M] (VMware, Inc.)
vmnat.exe -> C:\Windows\System32\vmnat.exe -> [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.)
vmware-authd.exe -> C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -> [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.)
vmware-usbarbitrator.exe -> C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -> [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.)
divxupdate.exe -> C:\Program Files\DivX\DivX Update\DivXUpdate.exe -> [2011/03/21 14:56:16 | 001,230,704 | ---- | M] ()
tpscrex.exe -> C:\Program Files\Lenovo\ZOOM\TpScrex.exe -> [2011/03/08 16:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited)
tponscr.exe -> C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe -> [2011/03/08 16:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited)
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
suservice.exe -> C:\Program Files\Lenovo\System Update\SUService.exe -> [2011/02/18 20:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited)
syntplpr.exe -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> [2011/02/17 22:24:36 | 000,132,392 | ---- | M] (Synaptics Incorporated)
tpknrsvc.exe -> C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -> [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited)
tpknrres.exe -> C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe -> [2011/01/14 18:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited)
cammute.exe -> C:\Program Files\Lenovo\Communications Utility\CamMute.exe -> [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited)
evteng.exe -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation)
regsrvc.exe -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation)
tpnumlkd.exe -> C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe -> [2010/12/14 18:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited)
upeksvr.exe -> C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe -> [2010/12/08 13:18:56 | 000,057,168 | ---- | M] (UPEK Inc.)
tphkload.exe -> C:\Program Files\Lenovo\HOTKEY\tphkload.exe -> [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited)
tphksvc.exe -> C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -> [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited)
tposdsvc.exe -> C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe -> [2010/11/29 19:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited)
micmute.exe -> C:\Program Files\Lenovo\HOTKEY\micmute.exe -> [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation)
conhost.exe -> C:\Windows\System32\conhost.exe -> [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation)
ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation)
ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2010/11/09 16:39:46 | 000,115,560 | ---- | M] (Symantec Corporation)
smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation)
smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2010/11/09 16:39:44 | 001,459,528 | ---- | M] (Symantec Corporation)
rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation)
tpnumlk.exe -> C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe -> [2010/10/29 23:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/09/22 15:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation)
svcguihlpr.exe -> C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe -> [2010/09/17 20:51:10 | 000,357,736 | ---- | M] (Lenovo)
acsvc.exe -> C:\Program Files\Lenovo\Access Connections\AcSvc.exe -> [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo)
acprfmgrsvc.exe -> C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo)
hidemyipsrv.exe -> C:\Program Files\Hide My IP\HideMyIpSrv.exe -> [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP)
uns.exe -> C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation)
privacyiconclient.exe -> C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe -> [2010/05/03 15:54:28 | 001,522,200 | ---- | M] (Intel Corporation)
sftvsa.exe -> C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation)
sftlist.exe -> C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation)
tpfancontrol.exe -> C:\Program Files\TPFanControl\TPFanControl.exe -> [2010/04/23 12:21:00 | 000,154,112 | ---- | M] (troubadix)
lvvsst.exe -> C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -> [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited)
virtscrl.exe -> C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe -> [2010/04/01 17:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited)
softinfo.exe -> C:\Program Files\Software Informer\softinfo.exe -> [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.)
password_manager.exe -> C:\Program Files\Lenovo\Client Security Solution\password_manager.exe -> [2009/08/26 18:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited)
tvt_reg_monitor_svc.exe -> C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009/08/26 18:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
rcimgdir.exe -> C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe -> [2008/10/30 18:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.)
ulcdrsvr.exe -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.)
cvpnd.exe -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
ctskmstr.exe -> C:\Program Files\PharosSystems\Core\CTskMstr.exe -> [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International)
iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo)
 
[Modules - Safe List]
ots.exe -> C:\Users\Arjon\Desktop\New folder\OTS.exe -> [2011/04/30 15:19:34 | 000,645,632 | ---- | M] (OldTimer Tools)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2010/11/20 08:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation)
samcli.dll -> C:\Windows\System32\samcli.dll -> [2010/11/20 08:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation)
netutils.dll -> C:\Windows\System32\netutils.dll -> [2010/11/20 08:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2010/11/20 08:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation)
fms.dll -> C:\Windows\System32\fms.dll -> [2010/11/20 08:19:02 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2010/11/20 08:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation)
gdiplus.dll -> C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll -> [2010/11/20 07:55:08 | 001,624,576 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(DozeSvc) Lenovo Doze Mode Service [On_Demand | Stopped] -> C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -> [2011/04/19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.)
(PwmEWSvc) Cisco EnergyWise Enabler [Auto | Running] -> C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -> [2011/04/19 03:52:00 | 000,143,360 | ---- | M] ()
(Power Manager DBC Service) Power Manager DBC Service [On_Demand | Stopped] -> C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -> [2011/04/19 03:52:00 | 000,083,304 | ---- | M] (Lenovo)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2011/04/09 23:20:51 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(WatAdminSvc) Windows Activation Technologies Service [Unknown | Stopped] -> C:\Windows\System32\Wat\WatAdminSvc.exe -> [2011/03/31 11:14:23 | 001,343,400 | ---- | M] (Microsoft Corporation)
(TuneUp.UtilitiesSvc) TuneUp Utilities Service [Auto | Running] -> C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -> [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software)
(UxTuneUp) TuneUp Theme Extension [Auto | Running] -> C:\Windows\System32\uxtuneup.dll -> [2011/03/30 18:57:40 | 000,029,504 | ---- | M] (TuneUp Software)
(VMnetDHCP) VMware DHCP Service [Auto | Running] -> C:\Windows\System32\vmnetdhcp.exe -> [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.)
(VMware NAT Service) VMware NAT Service [Auto | Running] -> C:\Windows\System32\vmnat.exe -> [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.)
(VMAuthdService) VMware Authorization Service [Auto | Running] -> C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -> [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.)
(VMUSBArbService) VMware USB Arbitration Service [Auto | Running] -> C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -> [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.)
(FontCache) Windows Font Cache Service [Auto | Running] -> C:\Windows\System32\FntCache.dll -> [2011/02/19 02:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation)
(SUService) System Update [Auto | Running] -> C:\Program Files\Lenovo\System Update\SUService.exe -> [2011/02/18 20:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited)
(LENOVO.TPKNRSVC) Lenovo Keyboard Noise Reduction [Auto | Running] -> C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -> [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited)
(LENOVO.CAMMUTE) Lenovo Camera Mute [Auto | Running] -> C:\Program Files\Lenovo\Communications Utility\CamMute.exe -> [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited)
(Power) Power [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2011/01/14 01:38:48 | 000,119,808 | ---- | M] (Microsoft Corporation)
(EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation)
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation)
(TPHKLOAD) Lenovo Hotkey Client Loader [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\tphkload.exe -> [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited)
(TPHKSVC) On Screen Display [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -> [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited)
(LENOVO.MICMUTE) Lenovo Microphone Mute [Auto | Running] -> C:\Program Files\Lenovo\HOTKEY\micmute.exe -> [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited)
(sppuinotify) SPP Notification Service [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2010/11/20 08:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\System32\provsvc.dll -> [2010/11/20 08:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation)
(HomeGroupListener) HomeGroup Listener [On_Demand | Stopped] -> C:\Windows\System32\ListSvc.dll -> [2010/11/20 08:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation)
(AxInstSV) ActiveX Installer (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2010/11/20 08:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
(sppsvc) Software Protection [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2010/11/20 08:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation)
(ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation)
(SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation)
(SNAC) Symantec Network Access Control [Disabled | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2010/11/09 16:39:44 | 000,349,512 | ---- | M] (Symantec Corporation)
(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/09/22 15:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation)
(AcSvc) AcSvc [Auto | Running] -> C:\Program Files\Lenovo\Access Connections\AcSvc.exe -> [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo)
(AcPrfMgrSvc) AcPrfMgrSvc [Auto | Running] -> C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -> [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo)
(ufad-ws60) VMware Agent Service [On_Demand | Stopped] -> C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -> [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.)
(HideMyIpSRV) HideMyIpSRV [On_Demand | Running] -> C:\Program Files\Hide My IP\HideMyIpSrv.exe -> [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP)
(UNS) Intel(R) Management & Security Application User Notification Service [Auto | Running] -> C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation)
(sftvsa) Application Virtualization Service Agent [On_Demand | Running] -> C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -> [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation)
(sftlist) Application Virtualization Client [Auto | Running] -> C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -> [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation)
(Lenovo.VIRTSCRLSVC) Lenovo Auto Scroll [Auto | Running] -> C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -> [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited)
(SwitchBoard) Adobe SwitchBoard [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -> [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation)
(TurboBoost) TurboBoost [On_Demand | Stopped] -> C:\Program Files\Intel\TurboBoost\TurboBoost.exe -> [2009/09/29 20:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation)
(ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Auto | Running] -> C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -> [2009/08/26 18:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited)
(WwanSvc) WWAN AutoConfig [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)
(WbioSrvc) Windows Biometric Service [Auto | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
(Themes) Themes [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)
(RpcEptMapper) RPC Endpoint Mapper [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)
(SensrSvc) Adaptive Brightness [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)
(PNRPsvc) Peer Name Resolution Protocol [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(p2pimsvc) Peer Networking Identity Manager [On_Demand | Stopped] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)
(PNRPAutoReg) PNRP Machine Name Publication Service [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)
(LPDSVC) LPD Service [Auto | Stopped] -> C:\Windows\System32\lpdsvc.dll -> [2009/07/13 21:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation)
(defragsvc) Disk Defragmenter [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
(BDESVC) BitLocker Drive Encryption Service [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)
(AppIDSvc) Application Identity [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)
(HsfXAudioService) HsfXAudioService [Auto | Running] -> C:\Windows\System32\XAudio32.dll -> [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(UleadBurningHelper) Ulead Burning Helper [Auto | Running] -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] -> C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -> [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.)
(Pharos Systems ComTaskMaster) Pharos Systems ComTaskMaster [Auto | Running] -> C:\Program Files\PharosSystems\Core\CTskMstr.exe -> [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International)
(IviRegMgr) IviRegMgr [Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo)
 
[Driver Services - Safe List]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation)
(DozeHDD) DozeHDD [Kernel | Boot | Running] -> C:\Windows\System32\DRIVERS\DozeHDD.sys -> [2011/04/19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.)
(TPPWRIF) TPPWRIF [Kernel | System | Running] -> C:\Windows\System32\drivers\TPPWR32V.SYS -> [2011/04/19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110503.003\NAVEX15.SYS -> [2011/04/18 08:58:58 | 001,393,144 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2011/04/18 08:58:58 | 000,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2011/04/18 08:58:58 | 000,102,448 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Symantec\Definitions\VirusDefs\20110503.003\NAVENG.SYS -> [2011/04/18 08:58:58 | 000,086,136 | ---- | M] (Symantec Corporation)
(vmx86) VMware vmx86 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\vmx86.sys -> [2011/03/25 23:52:18 | 000,854,256 | ---- | M] (VMware, Inc.)
(vmci) VMware vmci [Kernel | Auto | Running] -> C:\Windows\System32\drivers\vmci.sys -> [2011/03/25 23:52:18 | 000,070,768 | ---- | M] (VMware, Inc.)
(vmkbd) VMware kbd [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VMkbd.sys -> [2011/03/25 23:50:52 | 000,024,688 | ---- | M] (VMware, Inc.)
(VMnetuserif) VMware Network Application Interface [Kernel | Auto | Running] -> C:\Windows\System32\drivers\vmnetuserif.sys -> [2011/03/25 23:50:06 | 000,026,352 | ---- | M] (VMware, Inc.)
(hcmon) VMware hcmon [Kernel | Auto | Running] -> C:\Windows\System32\drivers\hcmon.sys -> [2011/03/25 22:27:32 | 000,032,368 | ---- | M] (VMware, Inc.)
(VMnetBridge) VMware Bridge Protocol [Kernel | Auto | Running] -> C:\Windows\System32\drivers\vmnetbridge.sys -> [2011/03/25 20:05:00 | 000,036,400 | ---- | M] (VMware, Inc.)
(vmusb) VMware USB Client Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\vmusb.sys -> [2011/03/25 20:05:00 | 000,031,280 | ---- | M] (VMware, Inc.)
(VMnetAdapter) VMware Virtual Ethernet Adapter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vmnetadapter.sys -> [2011/03/25 20:05:00 | 000,016,560 | ---- | M] (VMware, Inc.)
(TuneUpUtilitiesDrv) TuneUpUtilitiesDrv [Kernel | On_Demand | Running] -> C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -> [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software)
(5U877) USB Video Device [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\5U877.sys -> [2011/01/13 14:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.)
(NETwNs32) ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETwNs32.sys -> [2010/12/21 12:07:44 | 007,434,240 | ---- | M] (Intel Corporation)
(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\vhdmp.sys -> [2010/11/20 08:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation)
(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2010/11/20 08:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation)
(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2010/11/20 08:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation)
(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\TsUsbFlt.sys -> [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation)
(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\system32\drivers\1394ohci.sys -> [2010/11/20 06:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation)
(WinUsb) WinUSB Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\winusb.sys -> [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation)
(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\drivers\CompositeBus.sys -> [2010/11/20 05:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation)
(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Running] -> C:\Windows\System32\drivers\scfilter.sys -> [2010/11/20 05:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation)
(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\acpipmi.sys -> [2010/11/20 04:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\srtspl.sys -> [2010/11/09 16:39:50 | 000,320,944 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | System | Running] -> C:\Windows\System32\drivers\srtsp.sys -> [2010/11/09 16:39:50 | 000,283,184 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\System32\drivers\srtspx.sys -> [2010/11/09 16:39:50 | 000,043,696 | ---- | M] (Symantec Corporation)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2010/11/09 16:39:36 | 000,421,424 | ---- | M] (Symantec Corporation)
(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntcDAud.sys -> [2010/10/15 03:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation)
(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\fssfltr.sys -> [2010/09/23 03:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation)
(lenovo.smi) Lenovo System Interface Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\smiif32.sys -> [2010/09/07 17:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited)
(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\CHDRT32.sys -> [2010/08/25 13:45:56 | 000,486,016 | ---- | M] (Conexant Systems Inc.)
(vstor2-ws60) Vstor2 WS60 Virtual Storage Driver [Kernel | Auto | Running] -> C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -> [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.)
(pmxdrv) pmxdrv [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pmxdrv.sys -> [2010/08/12 15:33:28 | 000,816,792 | ---- | M] ()
(e1kexpress) Intel(R) PRO/1000 PCI Express Network Connection Driver K [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\e1k6232.sys -> [2010/07/22 12:38:06 | 000,215,208 | ---- | M] (Intel Corporation)
(Shockprf) Shockprf [Kernel | Boot | Running] -> C:\Windows\System32\DRIVERS\Apsx86.sys -> [2010/06/16 16:44:38 | 000,120,432 | ---- | M] (Lenovo.)
(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> C:\Windows\System32\DRIVERS\ApsHM86.sys -> [2010/06/16 16:44:38 | 000,020,592 | ---- | M] (Lenovo.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio32.sys -> [2010/05/10 17:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Sftvol) Sftvol [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Sftvollh.sys -> [2010/04/24 04:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation)
(Sftredir) Sftredir [File_System | On_Demand | Running] -> C:\Windows\System32\drivers\Sftredirlh.sys -> [2010/04/24 04:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation)
(Sftplay) Sftplay [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Sftplaylh.sys -> [2010/04/24 04:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation)
(Sftfs) Sftfs [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Sftfslh.sys -> [2010/04/24 04:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation)
(TotRec8) Total Recorder WDM audio filter driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\TotRec8.sys -> [2010/04/12 17:13:02 | 000,091,728 | ---- | M] (High Criteria inc.)
(TotRec7) Total Recorder WDM audio driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\TotRec7.sys -> [2010/04/12 17:12:56 | 000,131,664 | ---- | M] (High Criteria inc.)
(NETw5s32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NETw5s32.sys -> [2010/03/18 01:21:16 | 006,758,912 | ---- | M] (Intel Corporation)
(Impcd) Impcd [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Impcd.sys -> [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(rimspci) rimspci [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimspe86.sys -> [2009/10/26 01:39:00 | 000,048,640 | ---- | M] (REDC)
(TurboB) Turbo Boost UI Monitor driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\TurboB.sys -> [2009/09/29 20:25:42 | 000,013,752 | ---- | M] ()
(TVTI2C) Lenovo SM bus driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tvti2c.sys -> [2009/09/24 07:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.)
(HECI) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HECI.sys -> [2009/09/17 00:54:14 | 000,041,088 | ---- | M] (Intel Corporation)
(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation)
(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)
(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vdrvroot.sys -> [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)
(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)
(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\rdpbus.sys -> [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)
(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)
(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)
(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)
(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)
(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vwififlt.sys -> [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)
(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)
(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)
(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)
(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)
(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)
(TPM) TPM [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tpm.sys -> [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation)
(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)
(netw5v32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\netw5v32.sys -> [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation)
(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\psadd.sys -> [2009/07/01 22:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.)
(LenovoRd) LenovoRd [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\LenovoRd.sys -> [2009/05/10 22:33:48 | 000,088,832 | ---- | M] (Lenovo)
(smihlp2) SMI Helper Driver (smihlp2) [Kernel | Auto | Running] -> C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -> [2009/03/13 16:47:26 | 000,012,560 | ---- | M] (UPEK Inc.)
(mcdbus) Driver for MagicISO SCSI Host Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mcdbus.sys -> [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.)
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\CVPNDRVA.sys -> [2007/10/26 17:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.)
(regi) regi [Kernel | Auto | Running] -> C:\Windows\System32\drivers\regi.sys -> [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\dne2000.sys -> [2007/01/31 16:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\CVirtA.sys -> [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.)
(TVicPort) TVicPort [Kernel | Auto | Running] -> C:\Windows\System32\drivers\TVicPort.sys -> [2006/10/13 03:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> C:\Program Files\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.msn.com/?ocid=OIE9HP -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/?ocid=OIE9HP -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll [YTNavAssist.YTNavAssistPlugin Class] -> [2011/01/20 23:49:58 | 000,213,816 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> C:\Program Files\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b} -> C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO] -> [2011/05/02 13:07:01 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085} -> C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA] -> [2011/05/02 13:07:02 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/04/25 00:08:36 | 000,000,882 | ---- | M] - 23 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 activate.adobe.com
74.208.10.249 gs.apple.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> [2011/01/21 04:19:34 | 001,389,880 | ---- | M] (Yahoo! Inc.)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
{326E768D-4182-46FD-9C16-1449A49795F4} [HKLM] -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [DivX Plus Web Player HTML5 <video>] -> [2011/02/07 20:17:52 | 003,118,976 | ---- | M] (DivX, LLC)
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} [HKLM] -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [DivX HiQ] -> [2011/02/07 20:17:52 | 003,118,976 | ---- | M] (DivX, LLC)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/09/22 15:03:38 | 000,191,792 | ---- | M] (Microsoft Corporation)
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [HKLM] -> C:\Program Files\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
{9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 10:52:20 | 000,271,024 | ---- | M] ()
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Plug-In] -> [2011/03/18 15:06:08 | 001,164,680 | ---- | M] (Skype Technologies S.A.)
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} [HKLM] -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [IePasswordManagerHelper Class] -> [2010/08/06 20:27:58 | 000,768,576 | ---- | M] (Lenovo Group Limited)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [Bing Bar BHO] -> [2010/09/22 16:19:36 | 000,612,616 | ---- | M] (Microsoft Corporation)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [SingleInstance Class] -> [2011/01/21 04:19:36 | 000,163,128 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> C:\Program Files\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100] -> [2010/09/22 16:19:36 | 000,612,616 | ---- | M] (Microsoft Corporation)
"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 10:52:20 | 000,271,024 | ---- | M] ()
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> [2011/01/21 04:19:34 | 001,389,880 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" [HKLM] -> C:\Program Files\BitTorrentBar\tbBitT.dll [BitTorrentBar Toolbar] -> [2010/12/09 12:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 10:52:20 | 000,271,024 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AcWin7Hlpr" -> C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe] -> [2010/09/17 20:53:14 | 000,031,592 | ---- | M] (Lenovo)
"AdobeAAMUpdater-1.0" -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ["C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"] -> [2010/03/06 03:44:40 | 000,500,208 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS5ServiceManager" -> C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin] -> [2010/07/22 22:10:47 | 000,402,432 | ---- | M] (Adobe Systems Incorporated)
"ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2010/11/09 16:39:46 | 000,115,560 | ---- | M] (Symantec Corporation)
"DivXUpdate" -> C:\Program Files\DivX\DivX Update\DivXUpdate.exe ["C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW] -> [2011/03/21 14:56:16 | 001,230,704 | ---- | M] ()
"IMSS" -> C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ["C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"] -> [2010/05/03 15:54:24 | 000,112,152 | ---- | M] (Intel Corporation)
"LENOVO.TPKNRRES" -> C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe] -> [2011/01/14 18:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited)
"PSQLLauncher" -> C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe ["C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup] -> [2010/12/08 12:04:04 | 000,055,120 | ---- | M] (UPEK Inc.)
"PWMTRV" -> C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor] -> [2011/04/19 03:52:00 | 001,258,856 | ---- | M] (Lenovo Group Limited)
"RotateImage" -> C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe] -> [2008/10/30 18:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.)
"SmartAudio" -> C:\Program Files\CONEXANT\SAII\SAIICpl.exe [C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t] -> [2009/11/15 20:45:12 | 000,307,768 | ---- | M] ()
"SwitchBoard" -> C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe] -> [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
"TPFanControl" -> C:\Program Files\TPFanControl\TPFanControl.exe [C:\Program Files\TPFanControl\TPFanControl.exe] -> [2010/04/23 12:21:00 | 000,154,112 | ---- | M] (troubadix)
"vmware-tray" -> C:\Program Files\VMware\VMware Workstation\vmware-tray.exe ["C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"] -> [2011/03/25 23:51:34 | 000,129,648 | ---- | M] (VMware, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"googletalk" -> C:\Users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google)
"Software Informer" -> C:\Program Files\Software Informer\softinfo.exe ["C:\Program Files\Software Informer\softinfo.exe" -autorun] -> [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2011/04/22 09:07:58 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"DisableCAD" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Plug-In] -> [2011/03/18 15:06:08 | 001,164,680 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Plug-In] -> [2011/03/18 15:06:08 | 001,164,680 | ---- | M] (Skype Technologies S.A.)
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}:{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} [HKLM] -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [Menu: Lenovo Password Manager...] -> [2010/08/06 20:27:58 | 000,768,576 | ---- | M] (Lenovo Group Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab [Java Plug-in 1.6.0_24] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 68.237.161.12 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{724BC764-D2F8-4E7D-9C31-1774565D1656}\\DhcpNameServer -> 192.168.1.1 68.237.161.12   (Intel(R) Centrino(R) Ultimate-N 6300 AGN) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
psfus -> C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll -> [2010/12/08 13:16:00 | 000,100,176 | ---- | M] (UPEK Inc.)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)
livessp -> C:\Windows\System32\livessp.dll -> [2010/09/21 17:03:14 | 000,208,768 | ---- | M] (Microsoft Corp.)
*MultiFile Done* -> -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\system32\drivers\cdrom.sys [\SystemRoot\system32\drivers\cdrom.sys] -> [2010/11/20 04:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 17:42:20 | 000,000,024 | ---- | M] ()
Q:\AUTORUN.INF [[AutoRun] | open=LenovoQDrive.exe | icon=qdrive.ico | ] -> Q:\AUTORUN.INF [ NTFS ] -> [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{9eb2da89-668a-11e0-9d6c-f0def10837b2}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\shell
\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\shell\AutoRun\command
\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\shell\AutoRun\command\\"" ->  [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 PC-Doctor for Windows -> C:\ProgramData\PC-Doctor for Windows -> [2011/05/03 18:34:01 | 000,000,000 | ---D | C]
 PCDr -> C:\Users\Arjon\AppData\Roaming\PCDr -> [2011/05/03 18:33:00 | 000,000,000 | ---D | C]
 PSS57B35.DLL -> C:\Windows\System32\PSS57B35.DLL -> [2011/05/03 17:57:55 | 000,011,264 | ---- | C] (Pharos Systems International)
 Aviosoft -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aviosoft -> [2011/05/03 11:45:43 | 000,000,000 | ---D | C]
 Aviosoft -> C:\ProgramData\Aviosoft -> [2011/05/03 11:45:36 | 000,000,000 | ---D | C]
 Aviosoft -> C:\Program Files\Aviosoft -> [2011/05/03 11:45:36 | 000,000,000 | ---D | C]
 Citrix -> C:\Program Files\Citrix -> [2011/05/02 23:11:56 | 000,000,000 | ---D | C]
 Corel DVD MovieFactory -> C:\Users\Arjon\Documents\Corel DVD MovieFactory -> [2011/05/02 15:46:40 | 000,000,000 | ---D | C]
 xml_param -> C:\ProgramData\xml_param -> [2011/05/02 14:49:24 | 000,000,000 | ---D | C]
 iMate -> C:\Users\Arjon\Documents\iMate -> [2011/05/02 14:49:24 | 000,000,000 | ---D | C]
 DivX -> C:\Users\Arjon\AppData\Roaming\DivX -> [2011/05/02 13:06:43 | 000,000,000 | ---D | C]
 PX Storage Engine -> C:\Program Files\Common Files\PX Storage Engine -> [2011/05/02 13:06:20 | 000,000,000 | ---D | C]
 DivX Plus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus -> [2011/05/02 13:05:57 | 000,000,000 | ---D | C]
 DivX Shared -> C:\Program Files\Common Files\DivX Shared -> [2011/05/02 13:05:43 | 000,000,000 | ---D | C]
 DivX -> C:\ProgramData\DivX -> [2011/05/02 13:04:13 | 000,000,000 | ---D | C]
 ElcomSoft -> C:\Program Files\ElcomSoft -> [2011/05/02 12:19:31 | 000,000,000 | ---D | C]
 SPBA -> C:\Program Files\Common Files\SPBA -> [2011/05/01 21:59:24 | 000,000,000 | ---D | C]
 PSS01D1D.DLL -> C:\Windows\System32\PSS01D1D.DLL -> [2011/05/01 14:18:46 | 000,011,264 | ---- | C] (Pharos Systems International)
 SPReview -> C:\Windows\System32\SPReview -> [2011/05/01 13:41:19 | 000,000,000 | ---D | C]
 EventProviders -> C:\Windows\System32\EventProviders -> [2011/05/01 13:34:04 | 000,000,000 | ---D | C]
 fms.dll -> C:\Windows\System32\fms.dll -> [2011/05/01 13:19:37 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider)
 SYMEVENT.SYS -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2011/05/01 12:08:03 | 000,124,976 | ---- | C] (Symantec Corporation)
 Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2011/05/01 12:06:15 | 000,000,000 | ---D | C]
 Symantec Endpoint Protection -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection -> [2011/05/01 12:06:15 | 000,000,000 | ---D | C]
 Symantec -> C:\Program Files\Symantec -> [2011/05/01 12:06:15 | 000,000,000 | ---D | C]
 F-Secure -> C:\Program Files\F-Secure -> [2011/05/01 02:58:47 | 000,000,000 | ---D | C]
 fssg -> C:\ProgramData\fssg -> [2011/05/01 02:49:37 | 000,000,000 | ---D | C]
 f-secure -> C:\ProgramData\f-secure -> [2011/05/01 02:43:04 | 000,000,000 | ---D | C]
 ElevatedDiagnostics -> C:\Users\Arjon\AppData\Local\ElevatedDiagnostics -> [2011/05/01 02:11:27 | 000,000,000 | ---D | C]
 LDW -> C:\Users\Arjon\Documents\LDW -> [2011/04/30 22:41:46 | 000,000,000 | ---D | C]
 AVSoftware -> C:\Users\Arjon\AppData\Roaming\AVSoftware -> [2011/04/30 19:53:54 | 000,000,000 | ---D | C]
 AVLib.dll -> C:\Windows\System32\AVLib.dll -> [2011/04/30 19:51:47 | 000,303,240 | ---- | C] (AVSoftware, Ltd)
 Hide The IP -> C:\Program Files\Hide The IP -> [2011/04/30 19:51:36 | 000,000,000 | ---D | C]
 PackageAware -> C:\Users\Arjon\AppData\Local\PackageAware -> [2011/04/30 19:50:49 | 000,000,000 | ---D | C]
 New folder -> C:\Users\Arjon\Desktop\New folder -> [2011/04/30 19:35:35 | 000,000,000 | ---D | C]
 {9CDD5999-74CB-4416-9385-5C398ED8F46D} -> C:\Users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D} -> [2011/04/30 14:53:45 | 000,000,000 | ---D | C]
 EurekaLog -> C:\Users\Arjon\AppData\Roaming\EurekaLog -> [2011/04/30 14:44:57 | 000,000,000 | ---D | C]
 DownloadToolz -> C:\Program Files\DownloadToolz -> [2011/04/30 14:43:28 | 000,000,000 | ---D | C]
 HMIPCore.dll -> C:\Windows\System32\HMIPCore.dll -> [2011/04/30 12:40:49 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.)
 Hide My IP 5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP 5 -> [2011/04/30 12:40:45 | 000,000,000 | ---D | C]
 Hide My IP -> C:\Program Files\Hide My IP -> [2011/04/30 12:40:45 | 000,000,000 | ---D | C]
 jv16 PowerTools 2011 -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2011 -> [2011/04/30 00:13:51 | 000,000,000 | ---D | C]
 jv16 PowerTools 2011 -> C:\Program Files\jv16 PowerTools 2011 -> [2011/04/30 00:13:20 | 000,000,000 | ---D | C]
 MadCHook.dll -> C:\Windows\System32\MadCHook.dll -> [2011/04/29 08:23:12 | 000,109,568 | ---- | C] (www.madshi.net)
 PSP0AF74.DLL -> C:\Windows\System32\PSP0AF74.DLL -> [2011/04/29 08:23:10 | 000,442,368 | ---- | C] (Pharos Systems International)
 PSS0AF7C.DLL -> C:\Windows\System32\PSS0AF7C.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF7B.DLL -> C:\Windows\System32\PSS0AF7B.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF7A.DLL -> C:\Windows\System32\PSS0AF7A.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF79.DLL -> C:\Windows\System32\PSS0AF79.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF78.DLL -> C:\Windows\System32\PSS0AF78.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF77.DLL -> C:\Windows\System32\PSS0AF77.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF76.DLL -> C:\Windows\System32\PSS0AF76.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF75.DLL -> C:\Windows\System32\PSS0AF75.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSS0AF74.DLL -> C:\Windows\System32\PSS0AF74.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International)
 PSR0AF4A.DLL -> C:\Windows\System32\PSR0AF4A.DLL -> [2011/04/29 08:23:07 | 000,249,856 | ---- | C] (Pharos Systems International)
 PharosSystems -> C:\Program Files\PharosSystems -> [2011/04/29 08:23:06 | 000,000,000 | ---D | C]
 Pharos -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos -> [2011/04/29 08:23:02 | 000,000,000 | ---D | C]
 GRT Recover My File -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRT Recover My File -> [2011/04/29 07:27:29 | 000,000,000 | ---D | C]
 GRT Recover My File -> C:\Program Files\GRT Recover My File -> [2011/04/29 07:27:29 | 000,000,000 | ---D | C]
 Ask.com -> C:\Program Files\Ask.com -> [2011/04/28 19:32:30 | 000,000,000 | ---D | C]
 Firefox -> C:\Firefox -> [2011/04/28 19:32:29 | 000,000,000 | ---D | C]
 {7A831A41-C098-4F1E-AA3B-5CA24E913A41} -> C:\Users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41} -> [2011/04/28 18:25:54 | 000,000,000 | ---D | C]
 My Received Files -> C:\Users\Arjon\Documents\My Received Files -> [2011/04/27 22:24:01 | 000,000,000 | ---D | C]
 {B2641D65-771F-43D0-95BB-B2846A207F3E} -> C:\Users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E} -> [2011/04/27 21:41:23 | 000,000,000 | ---D | C]
 IGFXDEVLib.dll -> C:\Windows\System32\IGFXDEVLib.dll -> [2011/04/26 20:56:09 | 000,004,096 | ---- | C] ( )
 Symantec -> C:\Users\Arjon\AppData\Local\Symantec -> [2011/04/26 12:23:16 | 000,000,000 | ---D | C]
 tmp -> C:\Users\Arjon\Desktop\tmp -> [2011/04/26 12:14:56 | 000,000,000 | ---D | C]
 .# -> C:\Users\Arjon\AppData\Roaming\.# -> [2011/04/26 12:07:44 | 000,000,000 | -HSD | C]
 SWF Studio -> C:\Program Files\Common Files\SWF Studio -> [2011/04/26 12:07:41 | 000,000,000 | ---D | C]
 CellSoftNet -> C:\Program Files\CellSoftNet -> [2011/04/26 07:45:22 | 000,000,000 | ---D | C]
 Symantec -> C:\ProgramData\Symantec -> [2011/04/26 02:40:52 | 000,000,000 | ---D | C]
 AVG10 -> C:\Users\Arjon\AppData\Roaming\AVG10 -> [2011/04/26 01:24:38 | 000,000,000 | ---D | C]
 Common Files -> C:\ProgramData\Common Files -> [2011/04/26 01:23:44 | 000,000,000 | -H-D | C]
 AVG10 -> C:\ProgramData\AVG10 -> [2011/04/26 01:22:11 | 000,000,000 | ---D | C]
 AVG -> C:\Program Files\AVG -> [2011/04/26 01:21:40 | 000,000,000 | ---D | C]
 MFAData -> C:\ProgramData\MFAData -> [2011/04/26 01:19:03 | 000,000,000 | ---D | C]
 Ashisoft -> C:\Users\Arjon\AppData\Local\Ashisoft -> [2011/04/25 22:28:38 | 000,000,000 | ---D | C]
 Almeza -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza -> [2011/04/25 11:36:10 | 000,000,000 | ---D | C]
 {5A6A820E-6F03-4F15-8D1A-560276E81C68} -> C:\Users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68} -> [2011/04/25 11:33:57 | 000,000,000 | ---D | C]
 Almeza -> C:\Program Files\Almeza -> [2011/04/25 11:23:43 | 000,000,000 | ---D | C]
 .shsh -> C:\Users\Arjon\.shsh -> [2011/04/25 00:06:47 | 000,000,000 | ---D | C]
 Sun -> C:\ProgramData\Sun -> [2011/04/25 00:06:23 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2011/04/25 00:06:21 | 000,000,000 | ---D | C]
 AllMySongs Database -> C:\Windows\AllMySongs Database -> [2011/04/24 03:11:58 | 000,000,000 | ---D | C]
 AllMySongs Database -> C:\AllMySongs Database -> [2011/04/24 03:11:58 | 000,000,000 | ---D | C]
 InterVideo -> C:\Users\Arjon\Documents\InterVideo -> [2011/04/23 23:41:49 | 000,000,000 | ---D | C]
 InterVideo -> C:\Users\Arjon\AppData\Roaming\InterVideo -> [2011/04/23 23:40:06 | 000,000,000 | ---D | C]
 dvdcss -> C:\Users\Arjon\AppData\Roaming\dvdcss -> [2011/04/23 23:24:43 | 000,000,000 | ---D | C]
 WinX DVD Author -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author -> [2011/04/23 16:25:16 | 000,000,000 | ---D | C]
 Digiarty -> C:\Users\Arjon\AppData\Roaming\Digiarty -> [2011/04/23 16:22:53 | 000,000,000 | ---D | C]
 Digiarty -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty -> [2011/04/23 16:22:18 | 000,000,000 | ---D | C]
 Digiarty -> C:\Program Files\Digiarty -> [2011/04/23 16:22:16 | 000,000,000 | ---D | C]
 4Media -> C:\Users\Arjon\AppData\Roaming\4Media -> [2011/04/22 09:14:46 | 000,000,000 | ---D | C]
 4Media -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media -> [2011/04/22 09:14:09 | 000,000,000 | ---D | C]
 wrap_oal.dll -> C:\Windows\System32\wrap_oal.dll -> [2011/04/22 09:14:00 | 000,444,952 | ---- | C] (Creative Labs)
 OpenAL -> C:\Program Files\OpenAL -> [2011/04/22 09:14:00 | 000,000,000 | ---D | C]
 Search Toolbar -> C:\Program Files\Search Toolbar -> [2011/04/22 09:11:51 | 000,000,000 | ---D | C]
 4Media -> C:\ProgramData\4Media -> [2011/04/22 09:11:42 | 000,000,000 | ---D | C]
 4Media -> C:\Program Files\4Media -> [2011/04/22 09:11:42 | 000,000,000 | ---D | C]
 Google Talk -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk -> [2011/04/21 19:23:34 | 000,000,000 | ---D | C]
 Google -> C:\Users\Arjon\AppData\Roaming\Google -> [2011/04/21 19:23:31 | 000,000,000 | ---D | C]
 WLANProfiles -> C:\Windows\System32\WLANProfiles -> [2011/04/21 00:54:07 | 000,000,000 | -H-D | C]
 BrowserPlus -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus -> [2011/04/20 22:59:37 | 000,000,000 | ---D | C]
 Yahoo! -> C:\Users\Arjon\AppData\Local\Yahoo! -> [2011/04/20 22:59:17 | 000,000,000 | ---D | C]
 Yahoo! Companion -> C:\ProgramData\Yahoo! Companion -> [2011/04/20 22:58:55 | 000,000,000 | ---D | C]
 Yahoo! Messenger -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger -> [2011/04/20 22:58:24 | 000,000,000 | ---D | C]
 {751E3DE2-98D0-4004-87D8-518F7492A1C1} -> C:\Users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1} -> [2011/04/20 22:57:55 | 000,000,000 | ---D | C]
 Senstic -> C:\Users\Arjon\AppData\Local\Senstic -> [2011/04/20 01:20:14 | 000,000,000 | ---D | C]
 vmnetdhcp.exe -> C:\Windows\System32\vmnetdhcp.exe -> [2011/04/20 01:19:47 | 000,334,448 | ---- | C] (VMware, Inc.)
 vmnat.exe -> C:\Windows\System32\vmnat.exe -> [2011/04/20 01:19:46 | 000,404,080 | ---- | C] (VMware, Inc.)
 vmnetuserif.sys -> C:\Windows\System32\drivers\vmnetuserif.sys -> [2011/04/20 01:19:45 | 000,026,352 | ---- | C] (VMware, Inc.)
 vnetlib.dll -> C:\Windows\System32\vnetlib.dll -> [2011/04/20 01:19:40 | 000,760,432 | ---- | C] (VMware, Inc.)
 VMkbd.sys -> C:\Windows\System32\drivers\VMkbd.sys -> [2011/04/20 01:19:18 | 000,024,688 | ---- | C] (VMware, Inc.)
 VMware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware -> [2011/04/20 01:17:52 | 000,000,000 | ---D | C]
 VMware -> C:\Program Files\Common Files\VMware -> [2011/04/20 01:17:05 | 000,000,000 | ---D | C]
 archdb -> C:\archdb -> [2011/04/20 01:13:01 | 000,000,000 | ---D | C]
 Senstic -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic -> [2011/04/20 00:40:03 | 000,000,000 | ---D | C]
 hotcore3.sys -> C:\Windows\System32\drivers\hotcore3.sys -> [2011/04/19 23:40:20 | 000,056,208 | ---- | C] (Paragon Software Group)
 Paragon Software -> C:\Program Files\Paragon Software -> [2011/04/19 23:39:40 | 000,000,000 | ---D | C]
 Paragon -> C:\ProgramData\Paragon -> [2011/04/19 23:39:40 | 000,000,000 | ---D | C]
 vmware and mac os x -> C:\Users\Arjon\Documents\vmware and mac os x -> [2011/04/19 15:48:01 | 000,000,000 | ---D | C]
 AnyToISO -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyToISO -> [2011/04/19 14:53:59 | 000,000,000 | ---D | C]
 AnyToISO -> C:\Program Files\AnyToISO -> [2011/04/19 14:51:11 | 000,000,000 | ---D | C]
 MagicISO -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO -> [2011/04/19 14:35:33 | 000,000,000 | ---D | C]
 MagicISO -> C:\Program Files\MagicISO -> [2011/04/19 14:35:30 | 000,000,000 | ---D | C]
 Virtual Machines -> C:\Users\Arjon\Documents\Virtual Machines -> [2011/04/18 23:50:44 | 000,000,000 | ---D | C]
 VMware -> C:\Users\Arjon\AppData\Local\VMware -> [2011/04/18 23:36:08 | 000,000,000 | ---D | C]
 {BCAACA3D-E8B5-4EF7-88D4-963368BAACD5} -> C:\Users\Arjon\AppData\Local\{BCAACA3D-E8B5-4EF7-88D4-963368BAACD5} -> [2011/04/18 22:20:11 | 000,000,000 | ---D | C]
 TURegOpt.exe -> C:\Windows\System32\TURegOpt.exe -> [2011/04/18 19:16:44 | 000,031,552 | ---- | C] (TuneUp Software)
 uxtuneup.dll -> C:\Windows\System32\uxtuneup.dll -> [2011/04/18 19:16:34 | 000,029,504 | ---- | C] (TuneUp Software)
 authuitu.dll -> C:\Windows\System32\authuitu.dll -> [2011/04/18 19:16:34 | 000,021,312 | ---- | C] (TuneUp Software)
 TuneUp Utilities 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 -> [2011/04/18 19:16:22 | 000,000,000 | ---D | C]
 TuneUp Software -> C:\Users\Arjon\AppData\Roaming\TuneUp Software -> [2011/04/18 19:15:20 | 000,000,000 | ---D | C]
 TuneUp Utilities 2011 -> C:\Program Files\TuneUp Utilities 2011 -> [2011/04/18 19:14:25 | 000,000,000 | ---D | C]
 TuneUp Software -> C:\ProgramData\TuneUp Software -> [2011/04/18 19:13:08 | 000,000,000 | ---D | C]
 {24036256-BFDB-4CD3-BE8A-A3D6160F2E16} -> C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} -> [2011/04/18 19:11:55 | 000,000,000 | -HSD | C]
 TotalRecorder -> C:\Users\Arjon\AppData\Roaming\TotalRecorder -> [2011/04/18 18:25:30 | 000,000,000 | ---D | C]
 TotRec8.sys -> C:\Windows\System32\drivers\TotRec8.sys -> [2011/04/18 18:25:17 | 000,091,728 | ---- | C] (High Criteria inc.)
 Total Recorder -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder -> [2011/04/18 18:25:17 | 000,000,000 | ---D | C]
 HighCriteria -> C:\Program Files\HighCriteria -> [2011/04/18 18:24:35 | 000,000,000 | ---D | C]
 Easy Watermark Studio -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Watermark Studio -> [2011/04/18 11:09:15 | 000,000,000 | ---D | C]
 Easy Watermark Studio -> C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio -> [2011/04/18 11:09:15 | 000,000,000 | ---D | C]
 Easy Watermark Studio -> C:\Program Files\Easy Watermark Studio -> [2011/04/18 11:09:14 | 000,000,000 | ---D | C]
 {5AA4902D-2166-4DB8-8B6E-EB914D1B1540} -> C:\Users\Arjon\AppData\Local\{5AA4902D-2166-4DB8-8B6E-EB914D1B1540} -> [2011/04/18 01:53:27 | 000,000,000 | ---D | C]
 {119EA93D-54BB-494C-BB7E-3C7C83BDE158} -> C:\Users\Arjon\AppData\Local\{119EA93D-54BB-494C-BB7E-3C7C83BDE158} -> [2011/04/16 17:08:52 | 000,000,000 | ---D | C]
 {2E744419-9F4F-46A0-86D0-748481CB4B4A} -> C:\Users\Arjon\AppData\Local\{2E744419-9F4F-46A0-86D0-748481CB4B4A} -> [2011/04/16 00:34:31 | 000,000,000 | ---D | C]
 {CAD0986A-F765-42A8-9D42-B2AE2F8E40E5} -> C:\Users\Arjon\AppData\Local\{CAD0986A-F765-42A8-9D42-B2AE2F8E40E5} -> [2011/04/15 12:08:25 | 000,000,000 | ---D | C]
 NeoDownloader -> C:\Users\Arjon\AppData\Roaming\NeoDownloader -> [2011/04/14 21:01:29 | 000,000,000 | ---D | C]
 {E91F93C4-E17B-4359-9762-AEA41004EAE0} -> C:\Users\Arjon\AppData\Local\{E91F93C4-E17B-4359-9762-AEA41004EAE0} -> [2011/04/14 07:33:06 | 000,000,000 | ---D | C]
 JGsoft -> C:\Users\Arjon\AppData\Roaming\JGsoft -> [2011/04/13 23:30:00 | 000,000,000 | ---D | C]
 UnDeployV.exe -> C:\Windows\UnDeployV.exe -> [2011/04/13 23:29:53 | 000,067,312 | ---- | C] (Just Great Software)
 {1B06CA4B-457B-41DA-9F84-501EF5A27D14} -> C:\Users\Arjon\AppData\Local\{1B06CA4B-457B-41DA-9F84-501EF5A27D14} -> [2011/04/13 13:09:23 | 000,000,000 | ---D | C]
 {8250AB31-448A-430E-B2D7-F1C0DD9A10C9} -> C:\Users\Arjon\AppData\Local\{8250AB31-448A-430E-B2D7-F1C0DD9A10C9} -> [2011/04/12 16:34:00 | 000,000,000 | ---D | C]
 Software Informer -> C:\Users\Arjon\AppData\Roaming\Software Informer -> [2011/04/12 16:26:12 | 000,000,000 | ---D | C]
 Software Informer -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer -> [2011/04/12 16:26:12 | 000,000,000 | ---D | C]
 Software Informer -> C:\Program Files\Software Informer -> [2011/04/12 16:26:11 | 000,000,000 | ---D | C]
 SysResources Manager -> C:\Windows\SysResources Manager -> [2011/04/12 16:25:54 | 000,000,000 | ---D | C]
 SysResources Manager -> C:\Program Files\SysResources Manager -> [2011/04/12 16:25:54 | 000,000,000 | ---D | C]
 {0E394A0A-ECA3-41E1-884F-A412E8DABD9A} -> C:\Users\Arjon\AppData\Local\{0E394A0A-ECA3-41E1-884F-A412E8DABD9A} -> [2011/04/12 07:21:19 | 000,000,000 | ---D | C]
 {F3F261C9-38D3-4C16-811C-E408BB194931} -> C:\Users\Arjon\AppData\Local\{F3F261C9-38D3-4C16-811C-E408BB194931} -> [2011/04/11 18:49:14 | 000,000,000 | ---D | C]
 Impressions Future Media -> C:\Users\Arjon\AppData\Roaming\Impressions Future Media -> [2011/04/11 18:42:05 | 000,000,000 | ---D | C]
 PDF Composer -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Composer -> [2011/04/11 18:34:07 | 000,000,000 | ---D | C]
 PDF Composer -> C:\Program Files\PDF Composer -> [2011/04/11 18:34:07 | 000,000,000 | ---D | C]
 Impressions Future Media -> C:\ProgramData\Impressions Future Media -> [2011/04/11 18:34:07 | 000,000,000 | ---D | C]
 Canon -> C:\Users\Arjon\AppData\Roaming\Canon -> [2011/04/10 20:56:19 | 000,000,000 | ---D | C]
 {FE706B31-8BDA-4EFD-864B-B47977AE1996} -> C:\Users\Arjon\AppData\Local\{FE706B31-8BDA-4EFD-864B-B47977AE1996} -> [2011/04/10 11:14:01 | 000,000,000 | ---D | C]
 Macrovision Shared -> C:\Program Files\Common Files\Macrovision Shared -> [2011/04/09 23:20:51 | 000,000,000 | ---D | C]
 Rosetta Stone -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone -> [2011/04/09 23:20:38 | 000,000,000 | ---D | C]
 Rosetta Stone -> C:\ProgramData\Rosetta Stone -> [2011/04/09 23:19:14 | 000,000,000 | ---D | C]
 Rosetta Stone -> C:\Program Files\Rosetta Stone -> [2011/04/09 23:19:14 | 000,000,000 | ---D | C]
 MagicDisc -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc -> [2011/04/09 22:52:02 | 000,000,000 | ---D | C]
 mcdbus.sys -> C:\Windows\System32\drivers\mcdbus.sys -> [2011/04/09 22:51:24 | 000,116,736 | ---- | C] (MagicISO, Inc.)
 MagicDisc -> C:\Program Files\MagicDisc -> [2011/04/09 22:51:23 | 000,000,000 | ---D | C]
 Ulead Systems -> C:\Users\Arjon\AppData\Roaming\Ulead Systems -> [2011/04/09 22:35:20 | 000,000,000 | ---D | C]
 Conduit -> C:\Program Files\Conduit -> [2011/04/09 22:10:19 | 000,000,000 | ---D | C]
 ConduitEngine -> C:\Program Files\ConduitEngine -> [2011/04/09 22:10:15 | 000,000,000 | ---D | C]
 BitTorrentBar -> C:\Program Files\BitTorrentBar -> [2011/04/09 22:10:04 | 000,000,000 | ---D | C]
 extensions -> C:\extensions -> [2011/04/09 22:10:00 | 000,000,000 | ---D | C]
 {4C6E106A-6966-4A49-A023-E8D6F207A7A9} -> C:\Users\Arjon\AppData\Local\{4C6E106A-6966-4A49-A023-E8D6F207A7A9} -> [2011/04/09 12:38:57 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Arjon\AppData\Roaming\Windows Live Writer -> [2011/04/09 12:38:44 | 000,000,000 | ---D | C]
 Windows Live Writer -> C:\Users\Arjon\AppData\Local\Windows Live Writer -> [2011/04/09 12:38:44 | 000,000,000 | ---D | C]
 DSlrRemote -> C:\DSlrRemote -> [2011/04/09 11:35:23 | 000,000,000 | ---D | C]
 regid.1986-12.com.adobe -> C:\ProgramData\regid.1986-12.com.adobe -> [2011/04/09 11:08:27 | 000,000,000 | ---D | C]
 DSLR Remote Pro -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSLR Remote Pro -> [2011/04/09 11:06:46 | 000,000,000 | ---D | C]
 BreezeSys -> C:\Program Files\BreezeSys -> [2011/04/09 11:06:41 | 000,000,000 | ---D | C]
 Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2011/04/09 11:03:40 | 000,000,000 | ---D | C]
 skypePM -> C:\Users\Arjon\AppData\Roaming\skypePM -> [2011/04/08 19:34:37 | 000,000,000 | ---D | C]
 Skype Extras -> C:\ProgramData\Skype Extras -> [2011/04/08 19:34:34 | 000,000,000 | ---D | C]
 Skype -> C:\Users\Arjon\AppData\Roaming\Skype -> [2011/04/08 19:33:48 | 000,000,000 | ---D | C]
 Skype -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2011/04/08 19:33:14 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Common Files\Skype -> [2011/04/08 19:33:14 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Skype -> [2011/04/08 19:33:13 | 000,000,000 | R--D | C]
 Skype -> C:\ProgramData\Skype -> [2011/04/08 19:33:06 | 000,000,000 | ---D | C]
 {2C841C7F-04E2-4DD8-BF7C-6BEA108F45C5} -> C:\Users\Arjon\AppData\Local\{2C841C7F-04E2-4DD8-BF7C-6BEA108F45C5} -> [2011/04/07 08:12:43 | 000,000,000 | ---D | C]
 {FD77CA64-960B-4889-AED9-1F9C67CDD6CA} -> C:\Users\Arjon\AppData\Local\{FD77CA64-960B-4889-AED9-1F9C67CDD6CA} -> [2011/04/07 08:12:42 | 000,000,000 | ---D | C]
 {B4A8B78B-9036-4268-A001-FD7F6242FDCE} -> C:\Users\Arjon\AppData\Local\{B4A8B78B-9036-4268-A001-FD7F6242FDCE} -> [2011/04/06 16:08:00 | 000,000,000 | ---D | C]
 P90X -> C:\Users\Arjon\Desktop\P90X -> [2011/04/04 18:26:03 | 000,000,000 | ---D | C]
 {4E3BB316-A2ED-4F06-94AA-822ECEDADBDD} -> C:\Users\Arjon\AppData\Local\{4E3BB316-A2ED-4F06-94AA-822ECEDADBDD} -> [2011/04/03 20:12:00 | 000,000,000 | ---D | C]
 Tracing -> C:\Users\Arjon\Tracing -> [2011/04/03 20:11:46 | 000,000,000 | ---D | C]
 12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job -> [2011/05/03 18:47:00 | 000,000,908 | ---- | M] ()
 PCDoctorBackgroundMonitorTask.job -> C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job -> [2011/05/03 18:34:07 | 000,000,528 | ---- | M] ()
 SystemToolsDailyTest.job -> C:\Windows\tasks\SystemToolsDailyTest.job -> [2011/05/03 18:34:07 | 000,000,466 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/03 18:16:16 | 000,019,760 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/03 18:16:16 | 000,019,760 | -H-- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/05/03 18:11:52 | 000,629,922 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/05/03 18:11:52 | 000,109,132 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/05/03 18:05:10 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/05/03 18:04:42 | 2355,892,224 | -HS- | M] ()
 PSS57B35.DLL -> C:\Windows\System32\PSS57B35.DLL -> [2011/05/03 17:57:55 | 000,011,264 | ---- | M] (Pharos Systems International)
 Video Converter Professional.lnk -> C:\Users\Public\Desktop\Video Converter Professional.lnk -> [2011/05/03 11:45:43 | 000,001,281 | ---- | M] ()
 g2mdlhlpx.exe -> C:\Users\Arjon\g2mdlhlpx.exe -> [2011/05/02 23:11:30 | 000,072,080 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job -> [2011/05/02 20:57:17 | 000,000,856 | ---- | M] ()
 burnaware.ini -> C:\Users\Arjon\AppData\Roaming\burnaware.ini -> [2011/05/02 18:45:58 | 000,000,230 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Arjon\Desktop\Google Chrome.lnk -> [2011/05/02 15:48:50 | 000,002,374 | ---- | M] ()
 _WKERNEL.SYL -> C:\Windows\System32\_WKERNEL.SYL -> [2011/05/02 15:38:52 | 000,000,115 | ---- | M] ()
 ARPR.INI -> C:\Windows\ARPR.INI -> [2011/05/02 12:21:53 | 000,000,909 | ---- | M] ()
 PSS01D1D.DLL -> C:\Windows\System32\PSS01D1D.DLL -> [2011/05/01 14:18:46 | 000,011,264 | ---- | M] (Pharos Systems International)
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/01 14:13:31 | 003,746,112 | ---- | M] ()
 SYMEVENT.SYS -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation)
 SYMEVENT.CAT -> C:\Windows\System32\drivers\SYMEVENT.CAT -> [2011/05/01 12:08:16 | 000,007,456 | ---- | M] ()
 SYMEVENT.INF -> C:\Windows\System32\drivers\SYMEVENT.INF -> [2011/05/01 12:08:16 | 000,000,806 | ---- | M] ()
 rebate_jan11_apr11.pdf -> C:\Users\Arjon\Desktop\rebate_jan11_apr11.pdf -> [2011/05/01 02:07:56 | 000,481,561 | ---- | M] ()
 GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2011/04/30 22:38:43 | 000,000,064 | ---- | M] ()
 AVRedirector.ini -> C:\Windows\System32\AVRedirector.ini -> [2011/04/30 19:55:39 | 000,002,496 | ---- | M] ()
 AVRedirectorOff.ini -> C:\Windows\System32\AVRedirectorOff.ini -> [2011/04/30 19:55:39 | 000,001,248 | ---- | M] ()
 Hide My IP.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk -> [2011/04/30 12:40:45 | 000,000,962 | ---- | M] ()
 Hide My IP.lnk -> C:\Users\Arjon\Desktop\Hide My IP.lnk -> [2011/04/30 12:40:45 | 000,000,938 | ---- | M] ()
 System5537 Data.Repository -> C:\Windows\System5537 Data.Repository -> [2011/04/30 00:14:30 | 000,000,022 | -HS- | M] ()
 Sys2662.Config.Repository.bin -> C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin -> [2011/04/30 00:14:30 | 000,000,022 | -HS- | M] ()
 jv16 PowerTools 2011.lnk -> C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk -> [2011/04/30 00:13:23 | 000,001,862 | ---- | M] ()
 PSS0AF7C.DLL -> C:\Windows\System32\PSS0AF7C.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF7B.DLL -> C:\Windows\System32\PSS0AF7B.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF7A.DLL -> C:\Windows\System32\PSS0AF7A.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF79.DLL -> C:\Windows\System32\PSS0AF79.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF78.DLL -> C:\Windows\System32\PSS0AF78.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF77.DLL -> C:\Windows\System32\PSS0AF77.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF76.DLL -> C:\Windows\System32\PSS0AF76.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF75.DLL -> C:\Windows\System32\PSS0AF75.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 PSS0AF74.DLL -> C:\Windows\System32\PSS0AF74.DLL -> [2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International)
 BurnAware Free.lnk -> C:\Users\Public\Desktop\BurnAware Free.lnk -> [2011/04/28 19:32:40 | 000,001,027 | ---- | M] ()
 results.xml -> C:\Windows\System32\results.xml -> [2011/04/26 21:32:03 | 000,015,710 | ---- | M] ()
 hosts.umbrella -> C:\Windows\System32\drivers\etc\hosts.umbrella -> [2011/04/25 00:08:36 | 000,000,882 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2011/04/25 00:08:36 | 000,000,882 | ---- | M] ()
 1.bmp -> C:\1.bmp -> [2011/04/24 03:15:08 | 000,375,054 | ---- | M] ()
 WinX DVD Author.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk -> [2011/04/23 16:25:17 | 000,001,132 | ---- | M] ()
 WinX DVD Copy Pro.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk -> [2011/04/23 16:22:20 | 000,001,243 | ---- | M] ()
 WinX DVD Copy Pro.lnk -> C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk -> [2011/04/23 16:22:20 | 000,001,219 | ---- | M] ()
 4Media Photo Slideshow Maker.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk -> [2011/04/22 09:14:09 | 000,002,144 | ---- | M] ()
 wrap_oal.dll -> C:\Windows\System32\wrap_oal.dll -> [2011/04/22 09:14:00 | 000,444,952 | ---- | M] (Creative Labs)
 Yahoo! Messenger.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2011/04/20 22:58:24 | 000,001,146 | ---- | M] ()
 VMware Workstation.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk -> [2011/04/20 01:21:53 | 000,001,009 | ---- | M] ()
 .rnd -> C:\.rnd -> [2011/04/20 01:18:52 | 000,001,024 | ---- | M] ()
 VMware Workstation.lnk -> C:\Users\Public\Desktop\VMware Workstation.lnk -> [2011/04/20 01:18:06 | 000,002,011 | ---- | M] ()
 AnyToISO.lnk -> C:\Users\Arjon\Desktop\AnyToISO.lnk -> [2011/04/19 14:53:59 | 000,000,928 | ---- | M] ()
 Total Recorder.LNK -> C:\Users\Public\Desktop\Total Recorder.LNK -> [2011/04/18 18:25:19 | 000,001,201 | ---- | M] ()
 Easy Watermark Studio.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk -> [2011/04/18 11:09:15 | 000,001,987 | ---- | M] ()
 winscp.rnd -> C:\Users\Arjon\AppData\Roaming\winscp.rnd -> [2011/04/13 23:34:45 | 000,000,600 | ---- | M] ()
 SysResources Managersys111.dat -> C:\Program Files\SysResources Managersys111.dat -> [2011/04/12 16:29:09 | 000,000,008 | ---- | M] ()
 SystemRs11.sm.SYS -> C:\Windows\System32\SystemRs11.sm.SYS -> [2011/04/12 16:28:50 | 000,015,620 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2011/04/10 11:11:51 | 000,001,422 | ---- | M] ()
 rosetta stone 3.lnk -> C:\Users\Arjon\Desktop\rosetta stone 3.lnk -> [2011/04/09 23:20:38 | 000,002,559 | ---- | M] ()
 MagicDisc.lnk -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk -> [2011/04/09 22:52:02 | 000,000,974 | ---- | M] ()
 BitTorrent.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> [2011/04/09 22:10:04 | 000,000,972 | ---- | M] ()
 DSLR Remote Pro.lnk -> C:\Users\Public\Desktop\DSLR Remote Pro.lnk -> [2011/04/09 11:06:46 | 000,001,091 | ---- | M] ()
 ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2011/04/08 20:34:29 | 000,072,822 | ---- | M] ()
 ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2011/04/08 19:34:42 | 000,000,056 | -H-- | M] ()
 order.jpg -> C:\Users\Arjon\Documents\order.jpg -> [2011/04/06 00:54:32 | 000,660,091 | ---- | M] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2011/04/04 19:36:28 | 000,000,000 | -H-- | M] ()
 51 C:\Users\Arjon\AppData\Local\Temp\*.tmp files -> C:\Users\Arjon\AppData\Local\Temp\*.tmp -> 
 51 C:\Users\Arjon\AppData\Local\Temp\*.tmp files -> C:\Users\Arjon\AppData\Local\Temp\*.tmp -> 
 5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 5 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> 
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 PCDoctorBackgroundMonitorTask.job -> C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job -> [2011/05/03 18:34:07 | 000,000,528 | ---- | C] ()
 SystemToolsDailyTest.job -> C:\Windows\tasks\SystemToolsDailyTest.job -> [2011/05/03 18:34:07 | 000,000,466 | ---- | C] ()
 Video Converter Professional.lnk -> C:\Users\Public\Desktop\Video Converter Professional.lnk -> [2011/05/03 11:45:43 | 000,001,281 | ---- | C] ()
 g2mdlhlpx.exe -> C:\Users\Arjon\g2mdlhlpx.exe -> [2011/05/02 23:11:29 | 000,072,080 | ---- | C] ()
 ARPR.INI -> C:\Windows\ARPR.INI -> [2011/05/02 12:19:36 | 000,000,909 | ---- | C] ()
 systemsf.ebd -> C:\Windows\System32\systemsf.ebd -> [2011/05/01 13:23:59 | 000,146,852 | ---- | C] ()
 ScavengeSpace.xml -> C:\Windows\System32\ScavengeSpace.xml -> [2011/05/01 13:18:02 | 000,010,429 | ---- | C] ()
 RacRules.xml -> C:\Windows\System32\RacRules.xml -> [2011/05/01 13:17:17 | 000,105,559 | ---- | C] ()
 SYMEVENT.CAT -> C:\Windows\System32\drivers\SYMEVENT.CAT -> [2011/05/01 12:08:03 | 000,007,456 | ---- | C] ()
 SYMEVENT.INF -> C:\Windows\System32\drivers\SYMEVENT.INF -> [2011/05/01 12:08:03 | 000,000,806 | ---- | C] ()
 rebate_jan11_apr11.pdf -> C:\Users\Arjon\Desktop\rebate_jan11_apr11.pdf -> [2011/05/01 02:07:56 | 000,481,561 | ---- | C] ()
 GPlrLanc.dat -> C:\Windows\GPlrLanc.dat -> [2011/04/30 22:38:43 | 000,000,064 | ---- | C] ()
 AVRedirector.ini -> C:\Windows\System32\AVRedirector.ini -> [2011/04/30 19:54:54 | 000,002,496 | ---- | C] ()
 AVRedirectorOff.ini -> C:\Windows\System32\AVRedirectorOff.ini -> [2011/04/30 19:54:54 | 000,001,248 | ---- | C] ()
 Hide My IP.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk -> [2011/04/30 12:40:45 | 000,000,962 | ---- | C] ()
 Hide My IP.lnk -> C:\Users\Arjon\Desktop\Hide My IP.lnk -> [2011/04/30 12:40:45 | 000,000,938 | ---- | C] ()
 System5537 Data.Repository -> C:\Windows\System5537 Data.Repository -> [2011/04/30 00:14:30 | 000,000,022 | -HS- | C] ()
 Sys2662.Config.Repository.bin -> C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin -> [2011/04/30 00:14:30 | 000,000,022 | -HS- | C] ()
 jv16 PowerTools 2011.lnk -> C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk -> [2011/04/30 00:13:23 | 000,001,862 | ---- | C] ()
 iglhxs32.vp -> C:\Windows\System32\iglhxs32.vp -> [2011/04/26 20:56:13 | 000,062,692 | ---- | C] ()
 igfcg575m.bin -> C:\Windows\System32\igfcg575m.bin -> [2011/04/26 20:56:09 | 000,105,420 | ---- | C] ()
 1.bmp -> C:\1.bmp -> [2011/04/24 03:15:08 | 000,375,054 | ---- | C] ()
 WinX DVD Author.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk -> [2011/04/23 16:25:17 | 000,001,132 | ---- | C] ()
 WinX DVD Copy Pro.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk -> [2011/04/23 16:22:20 | 000,001,243 | ---- | C] ()
 WinX DVD Copy Pro.lnk -> C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk -> [2011/04/23 16:22:20 | 000,001,219 | ---- | C] ()
 4Media Photo Slideshow Maker.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk -> [2011/04/22 09:14:09 | 000,002,144 | ---- | C] ()
 Yahoo! Messenger.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2011/04/20 22:58:24 | 000,001,146 | ---- | C] ()
 VMware Workstation.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk -> [2011/04/20 01:21:53 | 000,001,009 | ---- | C] ()
 VMware Workstation.lnk -> C:\Users\Public\Desktop\VMware Workstation.lnk -> [2011/04/20 01:18:06 | 000,002,011 | ---- | C] ()
 AnyToISO.lnk -> C:\Users\Arjon\Desktop\AnyToISO.lnk -> [2011/04/19 14:53:59 | 000,000,928 | ---- | C] ()
 .rnd -> C:\.rnd -> [2011/04/18 23:24:29 | 000,001,024 | ---- | C] ()
 TuneUp Utilities 2011.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 -> [2011/04/18 19:16:22 | 000,002,164 | ---- | C] ()
 Total Recorder.LNK -> C:\Users\Public\Desktop\Total Recorder.LNK -> [2011/04/18 18:25:19 | 000,001,201 | ---- | C] ()
 Easy Watermark Studio.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk -> [2011/04/18 11:09:15 | 000,001,987 | ---- | C] ()
 winscp.rnd -> C:\Users\Arjon\AppData\Roaming\winscp.rnd -> [2011/04/13 23:34:45 | 000,000,600 | ---- | C] ()
 SysResources Managersys111.dat -> C:\Program Files\SysResources Managersys111.dat -> [2011/04/12 16:29:09 | 000,000,008 | ---- | C] ()
 SystemRs11.sm.SYS -> C:\Windows\System32\SystemRs11.sm.SYS -> [2011/04/12 16:28:50 | 000,015,620 | ---- | C] ()
 rosetta stone 3.lnk -> C:\Users\Arjon\Desktop\rosetta stone 3.lnk -> [2011/04/11 23:09:17 | 000,002,559 | ---- | C] ()
 MagicDisc.lnk -> C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk -> [2011/04/09 22:52:02 | 000,000,974 | ---- | C] ()
 burnaware.ini -> C:\Users\Arjon\AppData\Roaming\burnaware.ini -> [2011/04/09 22:40:16 | 000,000,230 | ---- | C] ()
 BitTorrent.lnk -> C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> [2011/04/09 22:10:04 | 000,000,972 | ---- | C] ()
 Adobe Photoshop CS5.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk -> [2011/04/09 11:08:21 | 000,001,180 | ---- | C] ()
 Adobe Bridge CS5.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk -> [2011/04/09 11:07:16 | 000,001,142 | ---- | C] ()
 DSLR Remote Pro.lnk -> C:\Users\Public\Desktop\DSLR Remote Pro.lnk -> [2011/04/09 11:06:46 | 000,001,091 | ---- | C] ()
 Adobe Device Central CS5.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk -> [2011/04/09 11:06:27 | 000,001,235 | ---- | C] ()
 Adobe Extension Manager CS5.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk -> [2011/04/09 11:04:22 | 000,001,326 | ---- | C] ()
 Adobe ExtendScript Toolkit CS5.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk -> [2011/04/09 11:04:17 | 000,001,492 | ---- | C] ()
 Adobe Help.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> [2011/04/09 11:03:43 | 000,000,978 | ---- | C] ()
 ieuinit.inf -> C:\Windows\System32\ieuinit.inf -> [2011/04/08 20:34:29 | 000,072,822 | ---- | C] ()
 ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2011/04/08 19:34:42 | 000,000,056 | -H-- | C] ()
 order.jpg -> C:\Users\Arjon\Documents\order.jpg -> [2011/04/06 00:54:32 | 000,660,091 | ---- | C] ()
 Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2011/04/04 19:36:28 | 000,000,000 | -H-- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2011/04/01 13:47:58 | 000,000,376 | ---- | C] ()
 CNCMFP11.INI -> C:\Windows\System32\CNCMFP11.INI -> [2011/03/31 02:16:55 | 000,000,281 | ---- | C] ()
 igkrng575.bin -> C:\Windows\System32\igkrng575.bin -> [2011/03/30 19:47:42 | 000,867,020 | ---- | C] ()
 igcompkrng575.bin -> C:\Windows\System32\igcompkrng575.bin -> [2011/03/30 19:47:40 | 000,128,204 | ---- | C] ()
 IccLibDll.dll -> C:\Windows\System32\IccLibDll.dll -> [2011/03/30 19:47:39 | 000,094,208 | ---- | C] ()
 GfxUI.exe.config -> C:\Windows\System32\GfxUI.exe.config -> [2010/08/12 15:34:43 | 000,000,151 | ---- | C] ()
 VoipUpdate.ini -> C:\Windows\System32\VoipUpdate.ini -> [2010/08/12 15:33:44 | 000,000,661 | ---- | C] ()
 pmxdrv.sys -> C:\Windows\System32\drivers\pmxdrv.sys -> [2010/08/12 15:33:28 | 000,816,792 | ---- | C] ()
 TurboB.sys -> C:\Windows\System32\drivers\TurboB.sys -> [2009/09/29 20:25:42 | 000,013,752 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:57:37 | 000,067,584 | --S- | C] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/07/14 00:33:53 | 003,746,112 | ---- | C] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/07/13 22:05:48 | 000,629,922 | ---- | C] ()
 perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2009/07/13 22:05:48 | 000,291,294 | ---- | C] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/07/13 22:05:48 | 000,109,132 | ---- | C] ()
 perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2009/07/13 22:05:48 | 000,031,548 | ---- | C] ()
 NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2009/07/13 22:05:05 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\System32\dssec.dat -> [2009/07/13 22:04:11 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:55:01 | 000,043,131 | ---- | C] ()
 BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 19:51:43 | 000,073,728 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()
 igkrng500.bin -> C:\Windows\System32\igkrng500.bin -> [2009/07/13 18:09:19 | 000,982,196 | ---- | C] ()
 igcompkrng500.bin -> C:\Windows\System32\igcompkrng500.bin -> [2009/07/13 18:09:19 | 000,417,344 | ---- | C] ()
 igfcg500.bin -> C:\Windows\System32\igfcg500.bin -> [2009/07/13 18:09:19 | 000,139,824 | ---- | C] ()
 igfcg500m.bin -> C:\Windows\System32\igfcg500m.bin -> [2009/07/13 18:09:19 | 000,097,448 | ---- | C] ()
 mlang.dat -> C:\Windows\System32\mlang.dat -> [2009/06/10 17:26:10 | 000,673,088 | ---- | C] ()
 vpnapi.dll -> C:\Windows\System32\vpnapi.dll -> [2007/10/26 17:28:18 | 000,197,408 | ---- | C] ()
 OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 18:05:08 | 000,002,695 | ---- | C] ()
 
[File - Lop Check]
 .# -> C:\Users\Arjon\AppData\Roaming\.# -> [2011/04/26 20:36:08 | 000,000,000 | -HSD | M]
 4Media -> C:\Users\Arjon\AppData\Roaming\4Media -> [2011/04/22 09:14:46 | 000,000,000 | ---D | M]
 AVG10 -> C:\Users\Arjon\AppData\Roaming\AVG10 -> [2011/04/26 01:24:38 | 000,000,000 | ---D | M]
 AVSoftware -> C:\Users\Arjon\AppData\Roaming\AVSoftware -> [2011/04/30 19:53:54 | 000,000,000 | ---D | M]
 BitTorrent -> C:\Users\Arjon\AppData\Roaming\BitTorrent -> [2011/05/02 15:40:29 | 000,000,000 | ---D | M]
 Canon -> C:\Users\Arjon\AppData\Roaming\Canon -> [2011/04/10 20:56:19 | 000,000,000 | ---D | M]
 Digiarty -> C:\Users\Arjon\AppData\Roaming\Digiarty -> [2011/04/23 16:25:22 | 000,000,000 | ---D | M]
 Easy Watermark Studio -> C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio -> [2011/04/18 11:09:46 | 000,000,000 | ---D | M]
 EurekaLog -> C:\Users\Arjon\AppData\Roaming\EurekaLog -> [2011/04/30 14:45:05 | 000,000,000 | ---D | M]
 Impressions Future Media -> C:\Users\Arjon\AppData\Roaming\Impressions Future Media -> [2011/04/11 18:42:05 | 000,000,000 | ---D | M]
 InterVideo -> C:\Users\Arjon\AppData\Roaming\InterVideo -> [2011/04/23 23:40:06 | 000,000,000 | ---D | M]
 JGsoft -> C:\Users\Arjon\AppData\Roaming\JGsoft -> [2011/04/13 23:30:00 | 000,000,000 | ---D | M]
 Lenovo -> C:\Users\Arjon\AppData\Roaming\Lenovo -> [2011/03/30 17:52:00 | 000,000,000 | ---D | M]
 NeoDownloader -> C:\Users\Arjon\AppData\Roaming\NeoDownloader -> [2011/04/14 21:01:33 | 000,000,000 | ---D | M]
 PCDr -> C:\Users\Arjon\AppData\Roaming\PCDr -> [2011/05/03 18:33:00 | 000,000,000 | ---D | M]
 PwrMgr -> C:\Users\Arjon\AppData\Roaming\PwrMgr -> [2011/03/30 23:10:46 | 000,000,000 | ---D | M]
 SoftGrid Client -> C:\Users\Arjon\AppData\Roaming\SoftGrid Client -> [2011/05/03 03:02:28 | 000,000,000 | ---D | M]
 Software Informer -> C:\Users\Arjon\AppData\Roaming\Software Informer -> [2011/05/03 18:09:27 | 000,000,000 | ---D | M]
 TotalRecorder -> C:\Users\Arjon\AppData\Roaming\TotalRecorder -> [2011/04/25 20:24:49 | 000,000,000 | ---D | M]
 TP -> C:\Users\Arjon\AppData\Roaming\TP -> [2011/03/31 01:06:15 | 000,000,000 | ---D | M]
 TuneUp Software -> C:\Users\Arjon\AppData\Roaming\TuneUp Software -> [2011/05/02 15:36:43 | 000,000,000 | ---D | M]
 Ulead Systems -> C:\Users\Arjon\AppData\Roaming\Ulead Systems -> [2011/04/20 14:52:11 | 000,000,000 | ---D | M]
 Update -> C:\Users\Arjon\AppData\Roaming\Update -> [2011/05/03 18:30:30 | 000,000,000 | ---D | M]
 Windows Live Writer -> C:\Users\Arjon\AppData\Roaming\Windows Live Writer -> [2011/04/09 12:38:44 | 000,000,000 | ---D | M]
 PCDoctorBackgroundMonitorTask.job -> C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job -> [2011/05/03 18:34:07 | 000,000,528 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/07/14 00:53:46 | 000,027,880 | ---- | M] ()
 SystemToolsDailyTest.job -> C:\Windows\Tasks\SystemToolsDailyTest.job -> [2011/05/03 18:34:07 | 000,000,466 | ---- | M] ()
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:5A775C3F
< End of report >



Thank You
  • 0

#4
sempai
Posted 04 May 2011 - 05:54 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Did you read the Malware and Spyware Cleaning Guide? Did you post the correct logs?
  • 0

#5
ardoc14
Posted 04 May 2011 - 09:42 AM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,

Yes i did follow the guide, the only part that I put extra in the beginning is the SuperAntispyware log in order for you to see what I am getting,
the other Scan is from OTS as shown in the guide.

Thank you
  • 0

#6
sempai
Posted 04 May 2011 - 10:47 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
You posted an OTS log, the guide requires you to post OTL. Please read it again here -> http://www.geekstogo...uide-t2852.html
  • 0

#7
ardoc14
Posted 04 May 2011 - 12:46 PM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I am really sorry about that, Yes I did an OTS instead.

From the Quick Scan there were 2 logs generated: 1 was OTL log file and the other one was OTL Extra logfile

Here is the OTL log:


OTL logfile created on: 5/4/2011 2:35:55 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Arjon\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 180.96 Gb Free Space | 39.79% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.74 Gb Free Space | 38.32% Space Free | Partition Type: NTFS

Computer Name: ARJON-THINK | User Name: Arjon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 14:35:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arjon\Downloads\OTL.exe
PRC - [2011/04/22 09:07:58 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/04/19 03:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/31 19:31:34 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/03/30 19:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011/03/25 23:51:34 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/08 16:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/08 16:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 20:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 18:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/14 18:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/08 13:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 19:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/11/09 16:39:44 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/10/29 23:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/17 20:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe
PRC - [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/03 15:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/23 12:21:00 | 000,154,112 | ---- | M] (troubadix) -- C:\Program Files\TPFanControl\TPFanControl.exe
PRC - [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 17:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2009/08/26 18:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/30 18:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 14:35:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arjon\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/04/19 03:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/04/09 23:20:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/31 11:14:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 18:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/02/18 20:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/11/09 16:39:44 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Running] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/29 20:25:38 | 000,099,768 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/26 18:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/04/19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/04/18 08:58:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110504.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 08:58:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/18 08:58:58 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/18 08:58:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110504.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/25 23:52:18 | 000,854,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011/03/25 23:52:18 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011/03/25 23:50:52 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011/03/25 23:50:06 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011/03/25 22:27:32 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/03/25 20:05:00 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011/03/25 20:05:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011/03/25 20:05:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/13 14:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/21 12:07:44 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/09 16:39:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/09 16:39:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/11/09 16:39:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/09 16:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/10/15 03:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/09/07 17:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/25 13:45:56 | 000,486,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/08/12 15:33:28 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/07/22 12:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/06/16 16:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 16:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/10 17:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 04:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 04:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 04:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 04:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/12 17:13:02 | 000,091,728 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/04/12 17:12:56 | 000,131,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2010/03/18 01:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/26 01:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 20:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/24 07:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/09/17 00:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/01 22:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/10 22:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/03/13 16:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/10/26 17:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/31 16:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/13 03:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/02 13:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/02 13:07:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/25 00:08:36 | 000,000,882 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb2da89-668a-11e0-9d6c-f0def10837b2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 14:10:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\ParetoLogic
[2011/05/04 14:10:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\DriverCure
[2011/05/04 14:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/05/04 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\FixCleaner
[2011/05/04 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/05/04 13:10:05 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0082F.DLL
[2011/05/04 13:09:23 | 000,249,856 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSR0059B.DLL
[2011/05/04 13:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2011/05/04 12:59:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo9.dll
[2011/05/03 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011/05/03 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\PCDr
[2011/05/03 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Aviosoft
[2011/05/02 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/05/02 14:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2011/05/02 14:49:24 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\iMate
[2011/05/02 13:06:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\DivX
[2011/05/02 13:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/02 13:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/02 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/02 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/02 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/05/01 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2011/05/01 14:18:46 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS01D1D.DLL
[2011/05/01 13:41:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/05/01 13:34:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/05/01 13:19:37 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/05/01 12:08:03 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/01 02:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2011/05/01 02:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011/05/01 02:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2011/05/01 02:11:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\ElevatedDiagnostics
[2011/04/30 22:41:46 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\LDW
[2011/04/30 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\AVSoftware
[2011/04/30 19:51:47 | 000,303,240 | ---- | C] (AVSoftware, Ltd) -- C:\Windows\System32\AVLib.dll
[2011/04/30 19:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hide The IP
[2011/04/30 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\PackageAware
[2011/04/30 19:35:35 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\New folder
[2011/04/30 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
[2011/04/30 14:44:57 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\EurekaLog
[2011/04/30 14:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadToolz
[2011/04/30 12:40:49 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\System32\HMIPCore.dll
[2011/04/30 12:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP 5
[2011/04/30 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP
[2011/04/30 00:13:51 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2011
[2011/04/30 00:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2011
[2011/04/29 08:23:12 | 000,109,568 | ---- | C] (www.madshi.net) -- C:\Windows\System32\MadCHook.dll
[2011/04/29 08:23:10 | 000,442,368 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSP0AF74.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7C.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7B.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7A.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF79.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF78.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF77.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF76.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF75.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF74.DLL
[2011/04/29 08:23:07 | 000,249,856 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSR0AF4A.DLL
[2011/04/29 08:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\PharosSystems
[2011/04/29 08:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
[2011/04/29 07:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRT Recover My File
[2011/04/29 07:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\GRT Recover My File
[2011/04/28 19:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/04/28 19:32:29 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/04/28 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
[2011/04/27 22:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\My Received Files
[2011/04/27 21:41:23 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}
[2011/04/26 20:56:09 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/04/26 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Symantec
[2011/04/26 12:14:56 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\tmp
[2011/04/26 12:07:44 | 000,000,000 | -HSD | C] -- C:\Users\Arjon\AppData\Roaming\.#
[2011/04/26 12:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011/04/26 07:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\CellSoftNet
[2011/04/26 02:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/26 01:24:38 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\AVG10
[2011/04/26 01:23:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/26 01:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/26 01:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/26 01:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/25 22:28:38 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Ashisoft
[2011/04/25 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/04/25 11:33:57 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68}
[2011/04/25 11:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Almeza
[2011/04/25 00:06:47 | 000,000,000 | ---D | C] -- C:\Users\Arjon\.shsh
[2011/04/25 00:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/25 00:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/24 03:11:58 | 000,000,000 | ---D | C] -- C:\Windows\AllMySongs Database
[2011/04/24 03:11:58 | 000,000,000 | ---D | C] -- C:\AllMySongs Database
[2011/04/23 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\InterVideo
[2011/04/23 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\InterVideo
[2011/04/23 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\dvdcss
[2011/04/23 16:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
[2011/04/23 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Digiarty
[2011/04/23 16:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/04/23 16:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2011/04/22 09:14:46 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\4Media
[2011/04/22 09:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media
[2011/04/22 09:14:00 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/22 09:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/04/22 09:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/04/22 09:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\4Media
[2011/04/22 09:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\4Media
[2011/04/21 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/04/21 19:23:31 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Google
[2011/04/21 00:54:07 | 000,000,000 | -H-D | C] -- C:\Windows\System32\WLANProfiles
[2011/04/20 22:59:37 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/04/20 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Yahoo!
[2011/04/20 22:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/04/20 22:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/04/20 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1}
[2011/04/20 01:20:14 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Senstic
[2011/04/20 01:19:47 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2011/04/20 01:19:46 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2011/04/20 01:19:45 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2011/04/20 01:19:40 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2011/04/20 01:19:18 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2011/04/20 01:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/04/20 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011/04/20 01:13:01 | 000,000,000 | ---D | C] -- C:\archdb
[2011/04/20 00:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic
[2011/04/19 23:40:20 | 000,056,208 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2011/04/19 23:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2011/04/19 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2011/04/19 15:48:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\vmware and mac os x
[2011/04/19 14:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyToISO
[2011/04/19 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\AnyToISO
[2011/04/19 14:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/04/19 14:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/04/18 23:50:44 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\Virtual Machines
[2011/04/18 23:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\VMware
[2011/04/18 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{BCAACA3D-E8B5-4EF7-88D4-963368BAACD5}
[2011/04/18 19:16:44 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/04/18 19:16:34 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011/04/18 19:16:34 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/04/18 19:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/18 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\TuneUp Software
[2011/04/18 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/04/18 19:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/18 19:11:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/18 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\TotalRecorder
[2011/04/18 18:25:17 | 000,091,728 | ---- | C] (High Criteria inc.) -- C:\Windows\System32\drivers\TotRec8.sys
[2011/04/18 18:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
[2011/04/18 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\HighCriteria
[2011/04/18 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Watermark Studio
[2011/04/18 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio
[2011/04/18 11:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Watermark Studio
[2011/04/18 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{5AA4902D-2166-4DB8-8B6E-EB914D1B1540}
[2011/04/16 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{119EA93D-54BB-494C-BB7E-3C7C83BDE158}
[2011/04/16 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{2E744419-9F4F-46A0-86D0-748481CB4B4A}
[2011/04/15 12:08:25 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{CAD0986A-F765-42A8-9D42-B2AE2F8E40E5}
[2011/04/14 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\NeoDownloader
[2011/04/14 07:33:06 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{E91F93C4-E17B-4359-9762-AEA41004EAE0}
[2011/04/13 23:30:00 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\JGsoft
[2011/04/13 23:29:53 | 000,067,312 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe
[2011/04/13 13:09:23 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{1B06CA4B-457B-41DA-9F84-501EF5A27D14}
[2011/04/12 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{8250AB31-448A-430E-B2D7-F1C0DD9A10C9}
[2011/04/12 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Software Informer
[2011/04/12 16:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
[2011/04/12 16:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2011/04/12 16:25:54 | 000,000,000 | ---D | C] -- C:\Windows\SysResources Manager
[2011/04/12 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\SysResources Manager
[2011/04/12 07:21:19 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{0E394A0A-ECA3-41E1-884F-A412E8DABD9A}
[2011/04/11 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{F3F261C9-38D3-4C16-811C-E408BB194931}
[2011/04/11 18:42:05 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Impressions Future Media
[2011/04/11 18:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Composer
[2011/04/11 18:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Composer
[2011/04/11 18:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Impressions Future Media
[2011/04/10 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Canon
[2011/04/10 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{FE706B31-8BDA-4EFD-864B-B47977AE1996}
[2011/04/09 23:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/04/09 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011/04/09 22:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/04/09 22:51:24 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2011/04/09 22:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/04/09 22:35:20 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Ulead Systems
[2011/04/09 22:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/04/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/04/09 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2011/04/09 22:10:00 | 000,000,000 | ---D | C] -- C:\extensions
[2011/04/09 12:38:57 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{4C6E106A-6966-4A49-A023-E8D6F207A7A9}
[2011/04/09 12:38:44 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Windows Live Writer
[2011/04/09 12:38:44 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Windows Live Writer
[2011/04/09 11:35:23 | 000,000,000 | ---D | C] -- C:\DSlrRemote
[2011/04/09 11:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/04/09 11:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSLR Remote Pro
[2011/04/09 11:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\BreezeSys
[2011/04/09 11:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/08 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\skypePM
[2011/04/08 19:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/04/08 19:33:48 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Skype
[2011/04/08 19:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/04/08 19:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/08 19:33:13 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/04/08 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/04/07 08:12:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{2C841C7F-04E2-4DD8-BF7C-6BEA108F45C5}
[2011/04/07 08:12:42 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{FD77CA64-960B-4889-AED9-1F9C67CDD6CA}
[2011/04/06 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{B4A8B78B-9036-4268-A001-FD7F6242FDCE}
[2011/04/04 18:26:03 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\P90X
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 14:31:33 | 000,000,115 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2011/05/04 14:11:54 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 14:11:54 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 14:08:32 | 000,629,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 14:08:32 | 000,109,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 14:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 14:03:18 | 2355,892,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 14:01:08 | 000,187,440 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/05/04 13:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job
[2011/05/04 13:10:05 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0082F.DLL
[2011/05/04 13:09:06 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/04 13:09:06 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/05/04 13:03:20 | 000,000,548 | ---- | M] () -- C:\Users\Arjon\Documents\monitorsregkey.reg
[2011/05/04 11:28:18 | 000,002,374 | ---- | M] () -- C:\Users\Arjon\Desktop\Google Chrome.lnk
[2011/05/03 22:14:36 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011/05/03 22:14:36 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf08b.dat
[2011/05/02 12:21:53 | 000,000,909 | ---- | M] () -- C:\Windows\ARPR.INI
[2011/05/01 20:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job
[2011/05/01 14:18:46 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS01D1D.DLL
[2011/05/01 14:13:31 | 003,746,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/01 12:08:16 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/01 12:08:16 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/01 02:07:56 | 000,481,561 | ---- | M] () -- C:\Users\Arjon\Desktop\rebate_jan11_apr11.pdf
[2011/04/30 22:38:43 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/04/30 19:55:39 | 000,002,496 | ---- | M] () -- C:\Windows\System32\AVRedirector.ini
[2011/04/30 19:55:39 | 000,001,248 | ---- | M] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/30 12:40:45 | 000,000,962 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2011/04/30 12:40:45 | 000,000,938 | ---- | M] () -- C:\Users\Arjon\Desktop\Hide My IP.lnk
[2011/04/30 00:14:30 | 000,000,022 | -HS- | M] () -- C:\Windows\System5537 Data.Repository
[2011/04/30 00:14:30 | 000,000,022 | -HS- | M] () -- C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/04/30 00:13:23 | 000,001,862 | ---- | M] () -- C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7C.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7B.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7A.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF79.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF78.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF77.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF76.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF75.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF74.DLL
[2011/04/28 20:43:08 | 000,000,215 | ---- | M] () -- C:\Users\Arjon\AppData\Roaming\burnaware.ini
[2011/04/28 19:32:40 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/04/26 21:32:03 | 000,015,710 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/04/25 00:08:36 | 000,000,882 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2011/04/25 00:08:36 | 000,000,882 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/24 03:15:08 | 000,375,054 | ---- | M] () -- C:\1.bmp
[2011/04/23 16:25:17 | 000,001,132 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk
[2011/04/23 16:22:20 | 000,001,243 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk
[2011/04/23 16:22:20 | 000,001,219 | ---- | M] () -- C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk
[2011/04/22 09:14:09 | 000,002,144 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk
[2011/04/22 09:14:00 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/20 22:58:24 | 000,001,146 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/04/20 01:21:53 | 000,001,009 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/04/20 01:18:52 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/20 01:18:06 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/04/19 14:53:59 | 000,000,928 | ---- | M] () -- C:\Users\Arjon\Desktop\AnyToISO.lnk
[2011/04/18 18:25:19 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Total Recorder.LNK
[2011/04/18 11:09:15 | 000,001,987 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk
[2011/04/13 23:34:45 | 000,000,600 | ---- | M] () -- C:\Users\Arjon\AppData\Roaming\winscp.rnd
[2011/04/12 16:29:09 | 000,000,008 | ---- | M] () -- C:\Program Files\SysResources Managersys111.dat
[2011/04/12 16:28:50 | 000,015,620 | ---- | M] () -- C:\Windows\System32\SystemRs11.sm.SYS
[2011/04/10 11:11:51 | 000,001,422 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/09 23:20:38 | 000,002,559 | ---- | M] () -- C:\Users\Arjon\Desktop\rosetta stone 3.lnk
[2011/04/09 22:52:02 | 000,000,974 | ---- | M] () -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/04/09 22:10:04 | 000,000,972 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/04/09 11:06:46 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\DSLR Remote Pro.lnk
[2011/04/08 20:34:29 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/08 19:34:42 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 00:54:32 | 000,660,091 | ---- | M] () -- C:\Users\Arjon\Documents\order.jpg
[2011/04/04 19:36:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 14:01:08 | 000,187,440 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/04 13:03:20 | 000,000,548 | ---- | C] () -- C:\Users\Arjon\Documents\monitorsregkey.reg
[2011/05/03 22:14:08 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/03 19:38:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/05/02 12:19:36 | 000,000,909 | ---- | C] () -- C:\Windows\ARPR.INI
[2011/05/01 13:23:59 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/05/01 13:18:02 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/05/01 13:17:17 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/05/01 12:08:03 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/01 12:08:03 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/01 02:07:56 | 000,481,561 | ---- | C] () -- C:\Users\Arjon\Desktop\rebate_jan11_apr11.pdf
[2011/04/30 22:38:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/04/30 19:54:54 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/04/30 19:54:54 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/30 12:40:45 | 000,000,962 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide My IP.lnk
[2011/04/30 12:40:45 | 000,000,938 | ---- | C] () -- C:\Users\Arjon\Desktop\Hide My IP.lnk
[2011/04/30 00:14:30 | 000,000,022 | -HS- | C] () -- C:\Windows\System5537 Data.Repository
[2011/04/30 00:14:30 | 000,000,022 | -HS- | C] () -- C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/04/30 00:13:23 | 000,001,862 | ---- | C] () -- C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk
[2011/04/26 20:56:13 | 000,062,692 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/04/26 20:56:09 | 000,105,420 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/04/24 03:15:08 | 000,375,054 | ---- | C] () -- C:\1.bmp
[2011/04/23 16:25:17 | 000,001,132 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk
[2011/04/23 16:22:20 | 000,001,243 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk
[2011/04/23 16:22:20 | 000,001,219 | ---- | C] () -- C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk
[2011/04/22 09:14:09 | 000,002,144 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk
[2011/04/20 22:58:24 | 000,001,146 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/04/20 01:21:53 | 000,001,009 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/04/20 01:18:06 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/04/19 14:53:59 | 000,000,928 | ---- | C] () -- C:\Users\Arjon\Desktop\AnyToISO.lnk
[2011/04/18 23:24:29 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/18 19:16:22 | 000,002,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/18 18:25:19 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Total Recorder.LNK
[2011/04/18 11:09:15 | 000,001,987 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk
[2011/04/13 23:34:45 | 000,000,600 | ---- | C] () -- C:\Users\Arjon\AppData\Roaming\winscp.rnd
[2011/04/12 16:29:09 | 000,000,008 | ---- | C] () -- C:\Program Files\SysResources Managersys111.dat
[2011/04/12 16:28:50 | 000,015,620 | ---- | C] () -- C:\Windows\System32\SystemRs11.sm.SYS
[2011/04/11 23:09:17 | 000,002,559 | ---- | C] () -- C:\Users\Arjon\Desktop\rosetta stone 3.lnk
[2011/04/09 22:52:02 | 000,000,974 | ---- | C] () -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/04/09 22:40:16 | 000,000,215 | ---- | C] () -- C:\Users\Arjon\AppData\Roaming\burnaware.ini
[2011/04/09 22:10:04 | 000,000,972 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/04/09 11:08:21 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/04/09 11:07:16 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/04/09 11:06:46 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\DSLR Remote Pro.lnk
[2011/04/09 11:06:27 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/04/09 11:04:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/04/09 11:04:17 | 000,001,492 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/04/09 11:03:43 | 000,000,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/04/08 20:34:29 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/08 19:34:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/06 00:54:32 | 000,660,091 | ---- | C] () -- C:\Users\Arjon\Documents\order.jpg
[2011/04/04 19:36:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/04/01 13:47:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/31 02:16:55 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI
[2011/03/30 19:47:42 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/03/30 19:47:40 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/03/30 19:47:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010/08/12 15:34:43 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/12 15:33:44 | 000,000,661 | ---- | C] () -- C:\Windows\System32\VoipUpdate.ini
[2010/08/12 15:33:28 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys
[2009/09/29 20:25:42 | 000,013,752 | ---- | C] () -- C:\Windows\System32\drivers\TurboB.sys
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,746,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,629,922 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,109,132 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/13 18:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/13 18:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/10/26 17:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/26 20:36:08 | 000,000,000 | -HSD | M] -- C:\Users\Arjon\AppData\Roaming\.#
[2011/04/22 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\4Media
[2011/04/26 01:24:38 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\AVG10
[2011/04/30 19:53:54 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\AVSoftware
[2011/05/03 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\BitTorrent
[2011/04/10 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Canon
[2011/04/23 16:25:22 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Digiarty
[2011/05/04 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\DriverCure
[2011/04/18 11:09:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio
[2011/04/30 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\EurekaLog
[2011/05/04 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\FixCleaner
[2011/04/11 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Impressions Future Media
[2011/04/23 23:40:06 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\InterVideo
[2011/04/13 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\JGsoft
[2011/03/30 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Lenovo
[2011/04/14 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\NeoDownloader
[2011/05/04 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\ParetoLogic
[2011/05/03 18:33:00 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\PCDr
[2011/03/30 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\PwrMgr
[2011/05/03 23:59:55 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\SoftGrid Client
[2011/05/04 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Software Informer
[2011/04/25 20:24:49 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TotalRecorder
[2011/03/31 01:06:15 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TP
[2011/05/02 15:36:43 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TuneUp Software
[2011/04/20 14:52:11 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Ulead Systems
[2011/05/03 22:26:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Update
[2011/04/09 12:38:44 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Windows Live Writer
[2011/05/04 13:09:06 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:53:46 | 000,028,378 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/04 13:09:06 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:5A775C3F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



There this is the OTL EXTRA logfile:

OTL Extras logfile created on: 5/4/2011 2:41:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Arjon\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 180.96 Gb Free Space | 39.79% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.74 Gb Free Space | 38.32% Space Free | Partition Type: NTFS

Computer Name: ARJON-THINK | User Name: Arjon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0143BC25-D431-44bf-85EA-082CA5EA851D}" = DSLR Remote Pro
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A660D90-BC82-4D25-BD19-5B86C8789904}" = PDF Composer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A2DF67E-9199-4A4E-A2BF-80FB12DA23D1}" = i-Clickr
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.42
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1F49BC-8C71-484C-B2D6-DDDA10AC9999}" = VitalSource Bookshelf
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.98 Professional Edition
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECI) System (09/17/2009 6.0.0.1179)
"4Media Photo Slideshow Maker" = 4Media Photo Slideshow Maker
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192" = Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
"7D0F5312FCD010C924A5F6856298FB1A3158B9E5" = Windows Driver Package - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1)
"7-Zip" = 7-Zip 9.20
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Almeza MultiSet Professional_is1" = Almeza MultiSet Professional 7.8.8
"AnyToISO_is1" = AnyToISO
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"BurnAware Free_is1" = BurnAware Free 3.2
"C66535CA6304603B86F44D3775D6CC25119F994C" = Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"conduitEngine" = Conduit Engine
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"DivX Setup.divx.com" = DivX Setup
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"Easy Watermark Studio2.1" = Easy Watermark Studio
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"GRT Recover My File_is1" = GRT Recover My File 2.6
"HMIP50_is1" = Hide My IP 5.2
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"jv16 PowerTools 2011" = jv16 PowerTools 2011
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnScreenDisplay" = On Screen Display
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Pharos" = Pharos
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Search Toolbar" = Search Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TotalRecorder" = Total Recorder 8.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Author_is1" = WinX DVD Author 5.9
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 2.0.0
"Wondershare iMate_is1" = Wondershare iMate(Build 1.0.0.11)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2011 11:42:21 AM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00650052 Faulting process id: 0x16d0 Faulting application
start time: 0x01cc09a868442485 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: eecb9016-759b-11e0-8cc0-005056c00008

Error - 5/3/2011 11:45:53 AM | Computer Name = Arjon-THINK | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
Event
Info: Set Information Process Action Taken: Logged Actor Process: C:\Program Files\TuneUp
Utilities 2011\TuneUpUtilitiesService32.exe (PID 3536) Time: Tuesday, May 03, 2011
11:45:53 AM

Error - 5/3/2011 12:06:00 PM | Computer Name = Arjon-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/3/2011 12:06:55 PM | Computer Name = Arjon-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14742

Error - 5/3/2011 12:06:55 PM | Computer Name = Arjon-THINK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14742

Error - 5/3/2011 5:43:18 PM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00670065 Faulting process id: 0x1f30 Faulting application
start time: 0x01cc09db17077261 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 5aecda9d-75ce-11e0-8cc0-005056c00008

Error - 5/3/2011 5:43:54 PM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00650052 Faulting process id: 0x1fd8 Faulting application
start time: 0x01cc09db3113eb45 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 709e266d-75ce-11e0-8cc0-005056c00008

Error - 5/3/2011 5:59:58 PM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0063007b Faulting process id: 0x11cc Faulting application
start time: 0x01cc09dd288b99de Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: aeffcb46-75d0-11e0-8cc0-005056c00008

Error - 5/3/2011 6:07:23 PM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00530062 Faulting process id: 0x1f8 Faulting application
start time: 0x01cc09de3266bc8c Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: b8536f9b-75d1-11e0-9985-005056c00008

Error - 5/3/2011 6:10:22 PM | Computer Name = Arjon-THINK | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time
stamp: 0x4ce7aa85 Faulting module name: PSS0AF77.DLL, version: 3.2.0.3901, time
stamp: 0x44e514d6 Exception code: 0xc0000005 Fault offset: 0x0000007b Faulting process
id: 0x1af0 Faulting application start time: 0x01cc09dea3f928e8 Faulting application
path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\system32\PSS0AF77.DLL
Report
Id: 2367b7d8-75d2-11e0-9985-005056c00008

[ System Events ]
Error - 5/3/2011 5:44:01 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
5 time(s).

Error - 5/3/2011 6:00:01 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
6 time(s).

Error - 5/3/2011 6:07:30 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/3/2011 6:08:12 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 5/3/2011 6:08:28 PM | Computer Name = Arjon-THINK | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/3/2011 6:10:31 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/3/2011 6:12:20 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 5/3/2011 7:46:26 PM | Computer Name = Arjon-THINK | Source = DCOM | ID = 10016
Description =

Error - 5/3/2011 8:56:47 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the LMS service.

Error - 5/3/2011 10:09:20 PM | Computer Name = Arjon-THINK | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >



Again sorry about that.
Thank you
  • 0

#8
sempai
Posted 05 May 2011 - 03:19 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Now we can proceed, thanks.


P2P Warning:
BitTorrent

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes .

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



Asksbar/Ask Toolbar warning:
I strongly suggest that you uninstall Asksbar/Ask Toolbar. Some of the bad practices of this toolbar are:
  • Promoting its toolbars on sites targeted to kids. Details.
  • Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  • Promoting its toolbars through other companies' spyware. Details.
  • Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.


===================================



1. Please uninstall Search Toolbar because it's an adware, see here -> http://www.systemloo...oolbar_dll.html



2. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#9
ardoc14
Posted 05 May 2011 - 06:46 AM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,
I uninstalled Ask and Search taskbar before running the Combofix but uninstalled BitTorrent after running Combofix, I am not sure if that has an effect on the log.

Here is the log:

ComboFix 11-05-04.04 - Arjon 05/05/2011 8:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2996.1139 [GMT -4:00]
Running from: c:\users\Arjon\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Arjon\AppData\Roaming\.#
c:\users\Arjon\AppData\Roaming\EurekaLog
c:\users\Arjon\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\system32\spool\prtprocs\w32x86\PSR0AF4E.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS0AF76.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS0AF77.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS0AF78.DLL
c:\windows\system32\SystemRs11.sm.SYS
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 12:27 . 2011-05-05 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 11:48 . 2011-05-05 11:50 -------- d-----w- c:\users\Arjon\AppData\Roaming\FILEminimizer
2011-05-05 11:47 . 2011-05-05 11:48 -------- d-----w- c:\program files\FILEminimizer Office
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\ParetoLogic
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\DriverCure
2011-05-04 18:09 . 2011-05-04 18:27 -------- d-----w- c:\programdata\ParetoLogic
2011-05-04 17:54 . 2011-05-04 18:06 -------- d-----w- c:\users\Arjon\AppData\Roaming\FixCleaner
2011-05-04 17:54 . 2011-05-04 18:22 -------- d-----w- c:\program files\FixCleaner
2011-05-04 17:10 . 2011-05-04 17:10 11264 ----a-w- c:\windows\system32\PSS0082F.DLL
2011-05-04 17:09 . 2007-02-22 19:33 249856 ----a-w- c:\windows\system32\PSR0059B.DLL
2011-05-04 17:01 . 2011-05-04 17:01 -------- d-----w- c:\programdata\PC-Doctor for Windows
2011-05-04 16:59 . 2011-03-31 23:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-05-04 16:59 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-05-04 16:59 . 2011-03-31 23:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-05-04 16:59 . 2011-03-31 23:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-05-03 22:33 . 2011-05-03 22:33 -------- d-----w- c:\users\Arjon\AppData\Roaming\PCDr
2011-05-03 15:45 . 2011-05-03 15:45 -------- d-----w- c:\program files\Aviosoft
2011-05-03 04:03 . 2011-05-03 04:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2011-05-03 03:11 . 2011-05-03 03:11 -------- d-----w- c:\program files\Citrix
2011-05-02 18:49 . 2011-05-02 18:49 -------- d-----w- c:\programdata\xml_param
2011-05-02 17:06 . 2011-05-02 19:47 -------- d-----w- c:\users\Arjon\AppData\Roaming\DivX
2011-05-02 17:06 . 2011-05-02 17:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-02 17:05 . 2011-05-02 17:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-05-02 17:04 . 2011-05-02 17:07 -------- d-----w- c:\programdata\DivX
2011-05-02 16:19 . 2011-05-02 16:51 -------- d-----w- c:\program files\ElcomSoft
2011-05-02 01:59 . 2011-05-02 01:59 -------- d-----w- c:\program files\Common Files\SPBA
2011-05-01 18:18 . 2011-05-01 18:18 11264 ----a-w- c:\windows\system32\PSS01D1D.DLL
2011-05-01 17:41 . 2011-05-01 17:41 -------- d-----w- c:\windows\system32\SPReview
2011-05-01 17:34 . 2011-05-01 17:34 -------- d-----w- c:\windows\system32\EventProviders
2011-05-01 17:25 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-01 17:25 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-01 17:25 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-05-01 17:25 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-05-01 17:25 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-01 17:25 . 2010-11-20 12:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-01 17:25 . 2010-11-20 12:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-01 17:25 . 2010-11-20 12:21 1159168 ----a-w- c:\windows\system32\sysmain.dll
2011-05-01 17:25 . 2010-11-20 12:21 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-01 17:25 . 2010-11-20 12:17 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-01 17:23 . 2010-11-20 12:20 585728 ----a-w- c:\windows\system32\qmgr.dll
2011-05-01 17:22 . 2010-11-20 12:19 2151936 ----a-w- c:\windows\system32\mmcndmgr.dll
2011-05-01 17:21 . 2010-11-20 12:24 194800 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-05-01 17:20 . 2010-11-20 12:30 56192 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-05-01 17:19 . 2010-11-20 12:19 414208 ----a-w- c:\windows\system32\mspbda.dll
2011-05-01 17:18 . 2010-11-20 12:20 236544 ----a-w- c:\windows\system32\pdh.dll
2011-05-01 17:17 . 2010-11-20 12:21 36352 ----a-w- c:\windows\system32\wshbth.dll
2011-05-01 17:16 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-01 17:16 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-01 17:16 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-01 17:16 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-05-01 17:15 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-01 17:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-05-01 17:15 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-01 17:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-05-01 17:14 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-01 16:08 . 2011-05-01 16:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-01 16:06 . 2011-05-01 16:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-01 16:06 . 2011-05-01 16:08 -------- d-----w- c:\program files\Symantec
2011-05-01 07:08 . 2011-05-01 07:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\f-secure
2011-05-01 07:00 . 2011-05-01 06:57 574632 ----a-w- c:\windows\system32\msvcp50.dll
2011-05-01 06:58 . 2011-05-04 02:26 -------- d-----w- c:\program files\F-Secure
2011-05-01 06:49 . 2011-05-01 06:55 -------- d-----w- c:\programdata\fssg
2011-05-01 06:43 . 2011-05-01 06:59 -------- d-----w- c:\programdata\f-secure
2011-05-01 06:11 . 2011-05-04 15:55 -------- d-----w- c:\users\Arjon\AppData\Local\ElevatedDiagnostics
2011-04-30 23:53 . 2011-04-30 23:53 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVSoftware
2011-04-30 23:51 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-30 23:51 . 2011-05-04 02:26 -------- d-----w- c:\program files\Hide The IP
2011-04-30 23:50 . 2011-04-30 23:50 -------- d-----w- c:\users\Arjon\AppData\Local\PackageAware
2011-04-30 18:53 . 2011-04-30 18:53 -------- d-----w- c:\users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
2011-04-30 18:43 . 2011-04-30 18:43 -------- d-----w- c:\program files\DownloadToolz
2011-04-30 16:40 . 2010-06-15 22:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2011-04-30 16:40 . 2011-04-30 16:40 -------- d-----w- c:\program files\Hide My IP
2011-04-30 04:14 . 2011-04-30 04:14 22 --sha-w- c:\users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
2011-04-30 04:13 . 2011-04-30 04:31 -------- d-----w- c:\program files\jv16 PowerTools 2011
2011-04-29 12:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{948C61C1-5510-4466-B4A4-862A10BE8D9F}\mpengine.dll
2011-04-29 11:27 . 2011-04-29 11:27 -------- d-----w- c:\program files\GRT Recover My File
2011-04-28 22:25 . 2011-04-28 22:26 -------- d-----w- c:\users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
2011-04-28 01:41 . 2011-04-28 01:41 -------- d-----w- c:\users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}
2011-04-27 17:38 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:37 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:37 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:37 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:37 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:37 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:37 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:37 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:37 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-04-26 16:23 . 2011-04-26 16:23 -------- d-----w- c:\users\Arjon\AppData\Local\Symantec
2011-04-26 16:07 . 2011-04-26 16:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-04-26 11:45 . 2011-04-26 11:45 -------- d-----w- c:\program files\CellSoftNet
2011-04-26 06:40 . 2011-05-01 16:10 -------- d-----w- c:\programdata\Symantec
2011-04-26 05:24 . 2011-04-26 05:24 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVG10
2011-04-26 05:23 . 2011-04-26 05:23 -------- d--h--w- c:\programdata\Common Files
2011-04-26 05:22 . 2011-04-26 18:25 -------- d-----w- c:\programdata\AVG10
2011-04-26 05:21 . 2011-04-26 05:21 -------- d-----w- c:\program files\AVG
2011-04-26 05:19 . 2011-04-26 18:24 -------- d-----w- c:\programdata\MFAData
2011-04-26 04:37 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-04-26 04:37 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2011-04-26 04:37 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-04-26 02:28 . 2011-04-26 02:28 -------- d-----w- c:\users\Arjon\AppData\Local\Ashisoft
2011-04-25 15:33 . 2011-04-25 15:33 -------- d-----w- c:\users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68}
2011-04-25 15:23 . 2011-04-25 15:23 -------- d-----w- c:\program files\Almeza
2011-04-25 04:06 . 2011-04-25 04:08 -------- d-----w- c:\users\Arjon\.shsh
2011-04-25 04:06 . 2011-04-25 04:06 -------- d-----w- c:\program files\Common Files\Java
2011-04-25 04:05 . 2011-04-25 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-24 07:11 . 2011-04-24 07:15 -------- d-----w- C:\AllMySongs Database
2011-04-24 07:11 . 2011-04-24 07:11 -------- d-----w- c:\windows\AllMySongs Database
2011-04-24 03:40 . 2011-04-24 03:40 -------- d-----w- c:\users\Arjon\AppData\Roaming\InterVideo
2011-04-24 03:24 . 2011-04-24 03:28 -------- d-----w- c:\users\Arjon\AppData\Roaming\dvdcss
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\users\Arjon\AppData\Roaming\Digiarty
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\program files\Digiarty
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\users\Arjon\AppData\Roaming\4Media
2011-04-22 13:14 . 2011-04-22 13:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-22 13:14 . 2011-04-22 13:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\program files\OpenAL
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\programdata\4Media
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\program files\4Media
2011-04-21 04:54 . 2011-04-21 04:54 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-04-21 02:59 . 2011-04-21 02:59 -------- d-----w- c:\users\Arjon\AppData\Local\Yahoo!
2011-04-21 02:58 . 2011-04-21 03:16 -------- d-----w- c:\programdata\Yahoo! Companion
2011-04-21 02:57 . 2011-04-21 02:58 -------- d-----w- c:\users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1}
2011-04-20 16:46 . 2011-04-20 16:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-20 16:46 . 2011-04-20 16:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 17:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-19 07:52 . 2010-08-12 19:39 513384 ------w- c:\windows\PWMBTHLV.EXE
2011-04-19 07:52 . 2010-08-12 19:39 816488 ------w- c:\windows\system32\PWMCP32V.cpl
2011-04-19 07:52 . 2010-08-12 19:39 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-04-19 07:52 . 2010-08-12 19:39 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-04-01 18:13 . 2010-06-24 18:33 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-31 23:30 . 2011-03-30 23:46 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-03-26 03:52 . 2011-03-26 03:52 854256 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-03-26 03:52 . 2011-03-26 03:52 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-03-26 02:27 . 2011-03-26 02:27 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-03-26 02:00 . 2011-03-26 02:00 252528 ----a-w- c:\windows\system32\vmnc.dll
2011-03-26 00:05 . 2011-03-26 00:05 59952 ----a-w- c:\windows\system32\vnetinst.dll
2011-03-26 00:05 . 2011-03-26 00:05 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-03-26 00:05 . 2011-03-26 00:05 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-03-26 00:05 . 2011-03-26 00:05 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-03-26 00:05 . 2011-03-26 00:05 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-03-26 00:05 . 2011-03-26 00:05 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-02-22 22:30 . 2010-08-12 19:34 6068224 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-22 22:06 . 2010-08-12 19:34 24576 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-22 22:05 . 2010-08-12 19:34 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-22 22:05 . 2010-08-12 19:34 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-22 22:05 . 2010-08-12 19:34 288768 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-22 22:04 . 2011-03-30 23:47 9030656 ----a-w- c:\windows\system32\igfxress.dll
2011-02-19 06:30 . 2011-03-31 15:49 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-31 15:49 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-31 15:49 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-05 08:02 . 2011-03-30 23:59 75968 ------w- c:\windows\system32\NicInstK.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"googletalk"="c:\users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-23 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-23 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-23 178200]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 55120]
.
c:\users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-9 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-3-31 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl389c211a;MpKsl389c211a; [x]
R1 MpKsl9ba18f35;MpKsl9ba18f35; [x]
R1 MpKsld24bba77;MpKsld24bba77; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-18 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-08-12 816792]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-01-13 132608]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-05-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc214F6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{0FB0A47E-4EAC-54A1-6140-803A0B688B68}*\InprocServer32]
"{0FB0A47E-4EAC-54A1-6140-803A0B688B68}"=hex:25,2a,7a,d5,53,37,8e,f5,90,c5,15,
97,8d,ef,30,dd,3a,d6,f9,d4,34,08,98,6b,25,2a,7a,d5,53,37,8e,f5,25,2a,7a,d5,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{828D78C5-C315-06B0-D7B2-017477583F6A}*\InprocServer32]
"{828D78C5-C315-06B0-D7B2-017477583F6A}"=hex:88,03,11,60,a8,1b,e7,cc,ab,80,86,
14,72,db,aa,7b,a1,21,26,64,a4,13,02,79,88,03,11,60,a8,1b,e7,cc,88,03,11,60,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}*\InprocServer32]
"{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}"=hex:f8,6a,4d,3e,c2,ec,af,b6,89,10,99,
9f,dd,63,2f,58,ee,22,55,27,1b,32,d5,b6,f8,6a,4d,3e,c2,ec,af,b6,f8,6a,4d,3e,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{B9958359-938C-6473-619E-7C573D8BE298}*\InprocServer32]
"{B9958359-938C-6473-619E-7C573D8BE298}"=hex:60,f8,eb,12,fd,86,30,8f,6a,d3,a7,
c5,27,d5,4e,7f,a3,5a,f1,91,bc,a1,9b,af,60,f8,eb,12,fd,86,30,8f,60,f8,eb,12,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}*\InprocServer32]
"{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}"=hex:57,d0,28,f3,87,5f,c4,1e,57,0b,4a,
35,15,65,0a,3f,65,0e,0d,43,52,05,8e,b5,57,d0,28,f3,87,5f,c4,1e,57,d0,28,f3,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
.
- - - - - - - > 'Explorer.exe'(1192)
c:\program files\PC-Doctor\ATLPcdToolbar580224.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\taskhost.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\Lenovo\Rescue and Recovery\rrcmd.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-05 08:34:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 12:34
.
Pre-Run: 192,318,574,592 bytes free
Post-Run: 191,836,844,032 bytes free
.
- - End Of File - - F0D8C8BC3401973B7B437438C376D344
  • 0

#10
sempai
Posted 05 May 2011 - 07:17 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Are you using both AVG and symantec?


1. Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\windows\system32\PSS0082F.DLL
    c:\windows\system32\PSR0059B.DLL
    c:\windows\system32\PSS01D1D.DLL

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



2. We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegNull::
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{0FB0A47E-4EAC-54A1-6140-803A0B688B68}*\InprocServer32]
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{828D78C5-C315-06B0-D7B2-017477583F6A}*\InprocServer32]
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}*\InprocServer32]
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{B9958359-938C-6473-619E-7C573D8BE298}*\InprocServer32]
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}*\InprocServer32]

Registry::
[-HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{0FB0A47E-4EAC-54A1-6140-803A0B688B68}
[-HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{828D78C5-C315-06B0-D7B2-017477583F6A}
[-HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}
[-HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{B9958359-938C-6473-619E-7C573D8BE298}
[-HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}

Driver::
MpKsl389c211a
MpKsl9ba18f35
MpKsld24bba77

DirLook::
C:\Users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
c:\users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
c:\users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  • 0

Advertisements

#11
ardoc14
Posted 05 May 2011 - 02:21 PM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the new log




ComboFix 11-05-04.04 - Arjon 05/05/2011 16:01:11.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2996.1139 [GMT -4:00]
Running from: c:\users\Arjon\Desktop\New folder\ComboFix.exe
Command switches used :: c:\users\Arjon\Desktop\New folder\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5802\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5802\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\194d1dc8-fbc8-481a-aa95-bf545be1d569.dll
c:\programdata\PCDr\5802\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\36dafa7c-3454-401e-9405-7fa73986716d.dll
c:\programdata\PCDr\5802\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5802\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5802\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5802\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\6a673ee4-43f7-4820-9e11-38692474f211.dll
c:\programdata\PCDr\5802\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5802\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5802\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5802\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5802\AddOnDownloaded\aaafe845-287d-4966-bd17-65877f9d0d2e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\programdata\PCDr\5802\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5802\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5802\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 20:14 . 2011-05-05 20:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-05 20:14 . 2011-05-05 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 11:48 . 2011-05-05 11:50 -------- d-----w- c:\users\Arjon\AppData\Roaming\FILEminimizer
2011-05-05 11:47 . 2011-05-05 11:48 -------- d-----w- c:\program files\FILEminimizer Office
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\ParetoLogic
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\DriverCure
2011-05-04 18:09 . 2011-05-04 18:27 -------- d-----w- c:\programdata\ParetoLogic
2011-05-04 17:54 . 2011-05-04 18:06 -------- d-----w- c:\users\Arjon\AppData\Roaming\FixCleaner
2011-05-04 17:54 . 2011-05-04 18:22 -------- d-----w- c:\program files\FixCleaner
2011-05-04 17:10 . 2011-05-04 17:10 11264 ----a-w- c:\windows\system32\PSS0082F.DLL
2011-05-04 17:09 . 2007-02-22 19:33 249856 ----a-w- c:\windows\system32\PSR0059B.DLL
2011-05-04 17:01 . 2011-05-04 17:01 -------- d-----w- c:\programdata\PC-Doctor for Windows
2011-05-04 16:59 . 2011-03-31 23:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-05-04 16:59 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-05-04 16:59 . 2011-03-31 23:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-05-04 16:59 . 2011-03-31 23:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-05-03 22:33 . 2011-05-03 22:33 -------- d-----w- c:\users\Arjon\AppData\Roaming\PCDr
2011-05-03 15:45 . 2011-05-03 15:45 -------- d-----w- c:\program files\Aviosoft
2011-05-03 04:03 . 2011-05-03 04:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2011-05-03 03:11 . 2011-05-03 03:11 -------- d-----w- c:\program files\Citrix
2011-05-02 18:49 . 2011-05-02 18:49 -------- d-----w- c:\programdata\xml_param
2011-05-02 17:06 . 2011-05-02 19:47 -------- d-----w- c:\users\Arjon\AppData\Roaming\DivX
2011-05-02 17:06 . 2011-05-02 17:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-02 17:05 . 2011-05-02 17:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-05-02 17:04 . 2011-05-02 17:07 -------- d-----w- c:\programdata\DivX
2011-05-02 16:19 . 2011-05-02 16:51 -------- d-----w- c:\program files\ElcomSoft
2011-05-02 01:59 . 2011-05-02 01:59 -------- d-----w- c:\program files\Common Files\SPBA
2011-05-01 18:18 . 2011-05-01 18:18 11264 ----a-w- c:\windows\system32\PSS01D1D.DLL
2011-05-01 17:41 . 2011-05-01 17:41 -------- d-----w- c:\windows\system32\SPReview
2011-05-01 17:34 . 2011-05-01 17:34 -------- d-----w- c:\windows\system32\EventProviders
2011-05-01 17:25 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-01 17:25 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-01 17:25 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-05-01 17:25 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-05-01 17:25 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-01 17:25 . 2010-11-20 12:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-01 17:25 . 2010-11-20 12:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-01 17:25 . 2010-11-20 12:21 1159168 ----a-w- c:\windows\system32\sysmain.dll
2011-05-01 17:25 . 2010-11-20 12:21 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-01 17:25 . 2010-11-20 12:17 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-01 17:23 . 2010-11-20 12:20 585728 ----a-w- c:\windows\system32\qmgr.dll
2011-05-01 17:22 . 2010-11-20 12:19 2151936 ----a-w- c:\windows\system32\mmcndmgr.dll
2011-05-01 17:21 . 2010-11-20 12:24 194800 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-05-01 17:20 . 2010-11-20 12:30 56192 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-05-01 17:19 . 2010-11-20 12:19 414208 ----a-w- c:\windows\system32\mspbda.dll
2011-05-01 17:18 . 2010-11-20 12:20 236544 ----a-w- c:\windows\system32\pdh.dll
2011-05-01 17:17 . 2010-11-20 12:21 36352 ----a-w- c:\windows\system32\wshbth.dll
2011-05-01 17:16 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-01 17:16 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-01 17:16 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-01 17:16 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-05-01 17:15 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-01 17:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-05-01 17:15 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-01 17:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-05-01 17:14 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-01 16:08 . 2011-05-01 16:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-01 16:06 . 2011-05-01 16:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-01 16:06 . 2011-05-01 16:08 -------- d-----w- c:\program files\Symantec
2011-05-01 07:08 . 2011-05-01 07:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\f-secure
2011-05-01 07:00 . 2011-05-01 06:57 574632 ----a-w- c:\windows\system32\msvcp50.dll
2011-05-01 06:58 . 2011-05-04 02:26 -------- d-----w- c:\program files\F-Secure
2011-05-01 06:49 . 2011-05-01 06:55 -------- d-----w- c:\programdata\fssg
2011-05-01 06:43 . 2011-05-01 06:59 -------- d-----w- c:\programdata\f-secure
2011-05-01 06:11 . 2011-05-04 15:55 -------- d-----w- c:\users\Arjon\AppData\Local\ElevatedDiagnostics
2011-04-30 23:53 . 2011-04-30 23:53 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVSoftware
2011-04-30 23:51 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-30 23:51 . 2011-05-04 02:26 -------- d-----w- c:\program files\Hide The IP
2011-04-30 23:50 . 2011-04-30 23:50 -------- d-----w- c:\users\Arjon\AppData\Local\PackageAware
2011-04-30 18:53 . 2011-04-30 18:53 -------- d-----w- c:\users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
2011-04-30 18:43 . 2011-04-30 18:43 -------- d-----w- c:\program files\DownloadToolz
2011-04-30 16:40 . 2010-06-15 22:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2011-04-30 16:40 . 2011-04-30 16:40 -------- d-----w- c:\program files\Hide My IP
2011-04-30 04:14 . 2011-04-30 04:14 22 --sha-w- c:\users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
2011-04-30 04:13 . 2011-04-30 04:31 -------- d-----w- c:\program files\jv16 PowerTools 2011
2011-04-29 12:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{948C61C1-5510-4466-B4A4-862A10BE8D9F}\mpengine.dll
2011-04-29 11:27 . 2011-04-29 11:27 -------- d-----w- c:\program files\GRT Recover My File
2011-04-28 22:25 . 2011-04-28 22:26 -------- d-----w- c:\users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
2011-04-28 01:41 . 2011-04-28 01:41 -------- d-----w- c:\users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}
2011-04-27 17:38 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:37 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:37 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:37 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:37 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:37 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:37 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:37 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:37 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-04-26 16:23 . 2011-04-26 16:23 -------- d-----w- c:\users\Arjon\AppData\Local\Symantec
2011-04-26 16:07 . 2011-04-26 16:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-04-26 11:45 . 2011-04-26 11:45 -------- d-----w- c:\program files\CellSoftNet
2011-04-26 06:40 . 2011-05-01 16:10 -------- d-----w- c:\programdata\Symantec
2011-04-26 05:24 . 2011-04-26 05:24 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVG10
2011-04-26 05:23 . 2011-04-26 05:23 -------- d--h--w- c:\programdata\Common Files
2011-04-26 05:22 . 2011-04-26 18:25 -------- d-----w- c:\programdata\AVG10
2011-04-26 05:21 . 2011-04-26 05:21 -------- d-----w- c:\program files\AVG
2011-04-26 05:19 . 2011-04-26 18:24 -------- d-----w- c:\programdata\MFAData
2011-04-26 04:37 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-04-26 04:37 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2011-04-26 04:37 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-04-26 02:28 . 2011-04-26 02:28 -------- d-----w- c:\users\Arjon\AppData\Local\Ashisoft
2011-04-25 15:33 . 2011-04-25 15:33 -------- d-----w- c:\users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68}
2011-04-25 15:23 . 2011-04-25 15:23 -------- d-----w- c:\program files\Almeza
2011-04-25 04:06 . 2011-04-25 04:08 -------- d-----w- c:\users\Arjon\.shsh
2011-04-25 04:06 . 2011-04-25 04:06 -------- d-----w- c:\program files\Common Files\Java
2011-04-25 04:05 . 2011-04-25 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-24 07:11 . 2011-04-24 07:15 -------- d-----w- C:\AllMySongs Database
2011-04-24 07:11 . 2011-04-24 07:11 -------- d-----w- c:\windows\AllMySongs Database
2011-04-24 03:40 . 2011-04-24 03:40 -------- d-----w- c:\users\Arjon\AppData\Roaming\InterVideo
2011-04-24 03:24 . 2011-04-24 03:28 -------- d-----w- c:\users\Arjon\AppData\Roaming\dvdcss
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\users\Arjon\AppData\Roaming\Digiarty
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\program files\Digiarty
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\users\Arjon\AppData\Roaming\4Media
2011-04-22 13:14 . 2011-04-22 13:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-22 13:14 . 2011-04-22 13:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\program files\OpenAL
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\programdata\4Media
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\program files\4Media
2011-04-21 04:54 . 2011-04-21 04:54 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-04-21 02:59 . 2011-04-21 02:59 -------- d-----w- c:\users\Arjon\AppData\Local\Yahoo!
2011-04-21 02:58 . 2011-04-21 03:16 -------- d-----w- c:\programdata\Yahoo! Companion
2011-04-21 02:57 . 2011-04-21 02:58 -------- d-----w- c:\users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1}
2011-04-20 16:46 . 2011-04-20 16:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 17:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-19 07:52 . 2010-08-12 19:39 513384 ------w- c:\windows\PWMBTHLV.EXE
2011-04-19 07:52 . 2010-08-12 19:39 816488 ------w- c:\windows\system32\PWMCP32V.cpl
2011-04-19 07:52 . 2010-08-12 19:39 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-04-19 07:52 . 2010-08-12 19:39 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-04-01 18:13 . 2010-06-24 18:33 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-31 23:30 . 2011-03-30 23:46 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-03-26 03:52 . 2011-03-26 03:52 854256 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-03-26 03:52 . 2011-03-26 03:52 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-03-26 02:27 . 2011-03-26 02:27 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-03-26 02:00 . 2011-03-26 02:00 252528 ----a-w- c:\windows\system32\vmnc.dll
2011-03-26 00:05 . 2011-03-26 00:05 59952 ----a-w- c:\windows\system32\vnetinst.dll
2011-03-26 00:05 . 2011-03-26 00:05 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-03-26 00:05 . 2011-03-26 00:05 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-03-26 00:05 . 2011-03-26 00:05 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-03-26 00:05 . 2011-03-26 00:05 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-03-26 00:05 . 2011-03-26 00:05 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-02-22 22:30 . 2010-08-12 19:34 6068224 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-22 22:06 . 2010-08-12 19:34 24576 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-22 22:05 . 2010-08-12 19:34 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-22 22:05 . 2010-08-12 19:34 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-22 22:05 . 2010-08-12 19:34 288768 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-22 22:04 . 2011-03-30 23:47 9030656 ----a-w- c:\windows\system32\igfxress.dll
2011-02-19 06:30 . 2011-03-31 15:49 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-31 15:49 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-31 15:49 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-05 08:02 . 2011-03-30 23:59 75968 ------w- c:\windows\system32\NicInstK.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"googletalk"="c:\users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-23 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-23 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-23 178200]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 55120]
.
c:\users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-9 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-3-31 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl389c211a;MpKsl389c211a; [x]
R1 MpKsl9ba18f35;MpKsl9ba18f35; [x]
R1 MpKsld24bba77;MpKsld24bba77; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-18 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-08-12 816792]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-01-13 132608]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-03-31 21744]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCDSRVC{3037D694-FD904ACA-06020101}_0
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-05-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-05-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc2C715.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{0FB0A47E-4EAC-54A1-6140-803A0B688B68}*\InprocServer32]
"{0FB0A47E-4EAC-54A1-6140-803A0B688B68}"=hex:25,2a,7a,d5,53,37,8e,f5,90,c5,15,
97,8d,ef,30,dd,3a,d6,f9,d4,34,08,98,6b,25,2a,7a,d5,53,37,8e,f5,25,2a,7a,d5,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{828D78C5-C315-06B0-D7B2-017477583F6A}*\InprocServer32]
"{828D78C5-C315-06B0-D7B2-017477583F6A}"=hex:88,03,11,60,a8,1b,e7,cc,ab,80,86,
14,72,db,aa,7b,a1,21,26,64,a4,13,02,79,88,03,11,60,a8,1b,e7,cc,88,03,11,60,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}*\InprocServer32]
"{8BE79F53-1B1F-ABAE-E499-4F12F4286A57}"=hex:f8,6a,4d,3e,c2,ec,af,b6,89,10,99,
9f,dd,63,2f,58,ee,22,55,27,1b,32,d5,b6,f8,6a,4d,3e,c2,ec,af,b6,f8,6a,4d,3e,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{B9958359-938C-6473-619E-7C573D8BE298}*\InprocServer32]
"{B9958359-938C-6473-619E-7C573D8BE298}"=hex:60,f8,eb,12,fd,86,30,8f,6a,d3,a7,
c5,27,d5,4e,7f,a3,5a,f1,91,bc,a1,9b,af,60,f8,eb,12,fd,86,30,8f,60,f8,eb,12,\
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000_Classes\Software\CLASSES\CLSID\{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}*\InprocServer32]
"{C775AAD5-CB65-755C-31D5-7E4BDEDE5E2B}"=hex:57,d0,28,f3,87,5f,c4,1e,57,0b,4a,
35,15,65,0a,3f,65,0e,0d,43,52,05,8e,b5,57,d0,28,f3,87,5f,c4,1e,57,d0,28,f3,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(660)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
.
Completion time: 2011-05-05 16:15:42
ComboFix-quarantined-files.txt 2011-05-05 20:15
ComboFix2.txt 2011-05-05 12:34
.
Pre-Run: 191,662,940,160 bytes free
Post-Run: 191,611,695,104 bytes free
.
- - End Of File - - 84135D355DAB60448FF94C343966E682
  • 0

#12
sempai
Posted 07 May 2011 - 08:18 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Did you missed my question and instruction #1?
  • 0

#13
ardoc14
Posted 07 May 2011 - 11:55 AM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I did not see the first step, sorry about that.

No I am only using Symantec. i uninstalled AVG after i got the Symantec. Another question that I have is it possible to upload all 3 files in virscan.org at the same time or I need to do the scan for everyfile separately??
  • 0

#14
sempai
Posted 08 May 2011 - 05:55 AM

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi ardoc14,

You can only upload and scan a file one at a time so you will need to repeat the steps for every files. Thanks.
  • 0

#15
ardoc14
Posted 08 May 2011 - 10:21 AM

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello , here are the scans from virscan



VirSCAN.org Scanned Report :
Scanned time : 2011/05/07 13:52:07 (EDT)
Scanner results: Scanners did not find malware!
File Name : PSR0059B.DLL
File Size : 249856 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 32a614b2c1ffde3cac5d5f5d3e36c330
SHA1 : aea2081f64899e2489fa0170da5da175ffb00dfb
Online report : http://virscan.org/r...e67d07408f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110507023245 2011-05-07 0.35 -
AhnLab V3 2011.05.06.05 2011.05.06 2011-05-06 0.48 -
AntiVir 8.2.4.228 7.11.7.176 2011-05-06 0.51 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.03 -
Arcavir 2011 201103241627 2011-03-24 0.34 -
Authentium 5.1.1 201105061810 2011-05-06 3.69 -
AVAST! 4.7.4 110506-0 2011-05-06 1.17 -
AVG 8.5.850 271.1.1/3620 2011-05-06 2.41 -
BitDefender 7.90123.7253568 7.37378 2011-05-07 11.47 -
ClamAV 0.96.5 13054 2011-05-07 0.17 -
Comodo 4.0 8611 2011-05-07 0.15 -
CP Secure 1.3.0.5 2011.05.07 2011-05-07 0.31 -
Dr.Web 5.0.2.3300 2011.05.07 2011-05-07 28.69 -
F-Prot 4.4.4.56 20110506 2011-05-06 5.75 -
F-Secure 7.02.73807 2011.05.06.07 2011-05-06 43.38 -
Fortinet 4.2.257 13.194 2011-05-07 4.81 -
GData 22.266/22.82 20110507 2011-05-07 40.10 -
ViRobot 20110506 2011.05.06 2011-05-06 12.73 -
Ikarus T3.1.32.20.0 2011.05.06.78336 2011-05-06 7.97 -
JiangMin 13.0.900 2011.05.03 2011-05-03 40.09 -
Kaspersky 5.5.10 2011.05.06 2011-05-06 0.24 -
KingSoft 2009.2.5.15 2011.5.7.18 2011-05-07 40.09 -
McAfee 5400.1158 6320 2011-04-18 26.14 -
Microsoft 1.6802 2011.05.07 2011-05-07 12.12 -
NOD32 3.0.21 6101 2011-05-06 0.34 -
Norman 6.07.08 6.07.00 2011-05-06 78.06 -
Panda 9.05.01 2011.05.07 2011-05-07 0.17 -
Trend Micro 9.200-1012 8.140.14 2011-05-06 8.94 -
Quick Heal 11.00 2011.05.07 2011-05-07 0.10 -
Rising 20.0 23.56.04.05 2011-05-06 0.15 -
Sophos 3.18.0 4.64 2011-05-08 5.53 -
Sunbelt 3.9.2492.2 9208 2011-05-06 0.10 -
Symantec 1.3.0.24 20110506.003 2011-05-06 0.32 -
nProtect 20110506.01 3439818 2011-05-06 0.20 -
The Hacker 6.7.0.1 v00176 2011-04-18 0.15 -
VBA32 3.12.16.0 20110506.0851 2011-05-06 14.84 -
VirusBuster 5.2.0.28 13.6.340.0/51280922011-05-06 0.00 -









VirSCAN.org Scanned Report :
Scanned time : 2011/05/07 14:08:23 (EDT)
Scanner results: Scanners did not find malware!
File Name : PSS0082F.DLL
File Size : 11264 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d02866e748d8d10327635773be90937f
SHA1 : 35632463c40c0235922382f99e284e48132dcf01
Online report : http://virscan.org/r...e9205f4168.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110507023245 2011-05-07 0.08 -
AhnLab V3 2011.05.06.05 2011.05.06 2011-05-06 0.18 -
AntiVir 8.2.4.228 7.11.7.176 2011-05-06 0.50 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2011 201103241627 2011-03-24 0.15 -
Authentium 5.1.1 201105061810 2011-05-06 1.77 -
AVAST! 4.7.4 110506-0 2011-05-06 0.01 -
AVG 8.5.850 271.1.1/3620 2011-05-06 0.96 -
BitDefender 7.90123.7253568 7.37378 2011-05-07 6.95 -
ClamAV 0.96.5 13054 2011-05-07 0.04 -
Comodo 4.0 8611 2011-05-07 0.19 -
CP Secure 1.3.0.5 2011.05.07 2011-05-07 0.14 -
Dr.Web 5.0.2.3300 2011.05.07 2011-05-07 21.57 -
F-Prot 4.4.4.56 20110506 2011-05-06 2.15 -
F-Secure 7.02.73807 2011.05.06.07 2011-05-06 0.23 -
Fortinet 4.2.257 13.194 2011-05-07 0.16 -
GData 22.266/22.82 20110507 2011-05-07 0.20 -
ViRobot 20110506 2011.05.06 2011-05-06 0.14 -
Ikarus T3.1.32.20.0 2011.05.06.78336 2011-05-06 7.40 -
JiangMin 13.0.900 2011.05.03 2011-05-03 0.10 -
Kaspersky 5.5.10 2011.05.06 2011-05-06 0.24 -
KingSoft 2009.2.5.15 2011.5.7.18 2011-05-07 0.24 -
McAfee 5400.1158 6320 2011-04-18 9.26 -
Microsoft 1.6802 2011.05.07 2011-05-07 0.08 -
NOD32 3.0.21 6101 2011-05-06 0.02 -
Norman 6.07.08 6.07.00 2011-05-06 26.03 -
Panda 9.05.01 2011.05.07 2011-05-07 0.08 -
Trend Micro 9.200-1012 8.140.14 2011-05-06 0.14 -
Quick Heal 11.00 2011.05.07 2011-05-07 0.09 -
Rising 20.0 23.56.04.05 2011-05-06 0.12 -
Sophos 3.18.0 4.64 2011-05-08 5.46 -
Sunbelt 3.9.2492.2 9208 2011-05-06 0.10 -
Symantec 1.3.0.24 20110506.003 2011-05-06 0.19 -
nProtect 20110506.01 3439818 2011-05-06 0.08 -
The Hacker 6.7.0.1 v00176 2011-04-18 0.21 -
VBA32 3.12.16.0 20110506.0851 2011-05-06 6.24 -
VirusBuster 5.2.0.28 13.6.340.0/51280922011-05-06 0.02 -








VirSCAN.org Scanned Report :
Scanned time : 2011/05/07 14:13:45 (EDT)
Scanner results: Scanners did not find malware!
File Name : PSS01D1D.DLL
File Size : 11264 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : e6ea075add26116dd31163296241c9d6
SHA1 : a3eed7c11d966be91443a72b452ef7503fdf2d3a
Online report : http://virscan.org/r...8a9f905c76.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110507023245 2011-05-07 0.09 -
AhnLab V3 2011.05.06.05 2011.05.06 2011-05-06 0.08 -
AntiVir 8.2.4.228 7.11.7.176 2011-05-06 0.33 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2011 201103241627 2011-03-24 0.01 -
Authentium 5.1.1 201105061810 2011-05-06 1.53 -
AVAST! 4.7.4 110506-0 2011-05-06 0.00 -
AVG 8.5.850 271.1.1/3620 2011-05-06 0.27 -
BitDefender 7.90123.7253568 7.37378 2011-05-07 5.89 -
ClamAV 0.96.5 13054 2011-05-07 0.01 -
Comodo 4.0 8611 2011-05-07 0.08 -
CP Secure 1.3.0.5 2011.05.07 2011-05-07 0.04 -
Dr.Web 5.0.2.3300 2011.05.07 2011-05-07 11.76 -
F-Prot 4.4.4.56 20110506 2011-05-06 1.47 -
F-Secure 7.02.73807 2011.05.06.07 2011-05-06 0.17 -
Fortinet 4.2.257 13.194 2011-05-07 0.08 -
GData 22.266/22.82 20110507 2011-05-07 0.08 -
ViRobot 20110506 2011.05.06 2011-05-06 0.09 -
Ikarus T3.1.32.20.0 2011.05.06.78336 2011-05-06 4.64 -
JiangMin 13.0.900 2011.05.03 2011-05-03 0.08 -
Kaspersky 5.5.10 2011.05.06 2011-05-06 0.10 -
KingSoft 2009.2.5.15 2011.5.7.18 2011-05-07 0.08 -
McAfee 5400.1158 6320 2011-04-18 8.64 -
Microsoft 1.6802 2011.05.07 2011-05-07 0.08 -
NOD32 3.0.21 6101 2011-05-06 0.01 -
Norman 6.07.08 6.07.00 2011-05-06 20.02 -
Panda 9.05.01 2011.05.07 2011-05-07 0.08 -
Trend Micro 9.200-1012 8.140.14 2011-05-06 0.03 -
Quick Heal 11.00 2011.05.07 2011-05-07 0.10 -
Rising 20.0 23.56.04.05 2011-05-06 0.09 -
Sophos 3.18.0 4.64 2011-05-08 3.69 -
Sunbelt 3.9.2492.2 9208 2011-05-06 0.10 -
Symantec 1.3.0.24 20110506.003 2011-05-06 0.15 -
nProtect 20110506.01 3439818 2011-05-06 0.09 -
The Hacker 6.7.0.1 v00176 2011-04-18 0.09 -
VBA32 3.12.16.0 20110506.0851 2011-05-06 4.45 -
VirusBuster 5.2.0.28 13.6.340.0/51280922011-05-06 0.00 -




And this is combofix file


ComboFix 11-05-04.04 - Arjon 05/07/2011 15:05:20.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2996.1741 [GMT -4:00]
Running from: c:\users\Arjon\Desktop\ComboFix.exe
Command switches used :: c:\users\Arjon\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5802\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5802\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\194d1dc8-fbc8-481a-aa95-bf545be1d569.dll
c:\programdata\PCDr\5802\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\36dafa7c-3454-401e-9405-7fa73986716d.dll
c:\programdata\PCDr\5802\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5802\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5802\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5802\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\6a673ee4-43f7-4820-9e11-38692474f211.dll
c:\programdata\PCDr\5802\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5802\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5802\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5802\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5802\AddOnDownloaded\aaafe845-287d-4966-bd17-65877f9d0d2e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\programdata\PCDr\5802\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5802\AddOnDownloaded\d60ff724-290e-429b-a1ca-f015886953f9.dll
c:\programdata\PCDr\5802\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5802\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL9BA18F35
-------\Legacy_MPKSLD24BBA77
-------\Service_MpKsl389c211a
-------\Service_MpKsl9ba18f35
-------\Service_MpKsld24bba77
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 19:17 . 2011-05-07 19:21 -------- d-----w- c:\users\Arjon\AppData\Local\temp
2011-05-07 19:17 . 2011-05-07 19:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-05 11:48 . 2011-05-06 05:57 -------- d-----w- c:\users\Arjon\AppData\Roaming\FILEminimizer
2011-05-05 11:47 . 2011-05-05 11:48 -------- d-----w- c:\program files\FILEminimizer Office
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\ParetoLogic
2011-05-04 18:10 . 2011-05-04 18:10 -------- d-----w- c:\users\Arjon\AppData\Roaming\DriverCure
2011-05-04 18:09 . 2011-05-04 18:27 -------- d-----w- c:\programdata\ParetoLogic
2011-05-04 17:54 . 2011-05-04 18:06 -------- d-----w- c:\users\Arjon\AppData\Roaming\FixCleaner
2011-05-04 17:54 . 2011-05-04 18:22 -------- d-----w- c:\program files\FixCleaner
2011-05-04 17:10 . 2011-05-04 17:10 11264 ----a-w- c:\windows\system32\PSS0082F.DLL
2011-05-04 17:09 . 2007-02-22 19:33 249856 ----a-w- c:\windows\system32\PSR0059B.DLL
2011-05-04 17:01 . 2011-05-04 17:01 -------- d-----w- c:\programdata\PC-Doctor for Windows
2011-05-04 16:59 . 2011-03-31 23:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-05-04 16:59 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-05-04 16:59 . 2011-03-31 23:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-05-04 16:59 . 2011-03-31 23:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-05-03 22:33 . 2011-05-06 01:26 -------- d-----w- c:\users\Arjon\AppData\Roaming\PCDr
2011-05-03 15:45 . 2011-05-03 15:45 -------- d-----w- c:\program files\Aviosoft
2011-05-03 04:03 . 2011-05-03 04:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2011-05-03 03:11 . 2011-05-03 03:11 -------- d-----w- c:\program files\Citrix
2011-05-02 18:49 . 2011-05-02 18:49 -------- d-----w- c:\programdata\xml_param
2011-05-02 17:06 . 2011-05-02 19:47 -------- d-----w- c:\users\Arjon\AppData\Roaming\DivX
2011-05-02 17:06 . 2011-05-02 17:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-05-02 17:05 . 2011-05-02 17:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-05-02 17:04 . 2011-05-02 17:07 -------- d-----w- c:\programdata\DivX
2011-05-02 16:19 . 2011-05-02 16:51 -------- d-----w- c:\program files\ElcomSoft
2011-05-02 01:59 . 2011-05-02 01:59 -------- d-----w- c:\program files\Common Files\SPBA
2011-05-01 18:18 . 2011-05-01 18:18 11264 ----a-w- c:\windows\system32\PSS01D1D.DLL
2011-05-01 17:41 . 2011-05-01 17:41 -------- d-----w- c:\windows\system32\SPReview
2011-05-01 17:34 . 2011-05-01 17:34 -------- d-----w- c:\windows\system32\EventProviders
2011-05-01 17:25 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-01 17:25 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-05-01 17:25 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-05-01 17:25 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-05-01 17:25 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-01 17:25 . 2010-11-20 12:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-01 17:25 . 2010-11-20 12:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-01 17:25 . 2010-11-20 12:21 1159168 ----a-w- c:\windows\system32\sysmain.dll
2011-05-01 17:25 . 2010-11-20 12:21 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-01 17:25 . 2010-11-20 12:17 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-01 17:23 . 2010-11-20 12:20 585728 ----a-w- c:\windows\system32\qmgr.dll
2011-05-01 17:22 . 2010-11-20 12:19 2151936 ----a-w- c:\windows\system32\mmcndmgr.dll
2011-05-01 17:21 . 2010-11-20 12:24 194800 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-05-01 17:20 . 2010-11-20 12:30 56192 ----a-w- c:\windows\system32\drivers\partmgr.sys
2011-05-01 17:19 . 2010-11-20 12:19 414208 ----a-w- c:\windows\system32\mspbda.dll
2011-05-01 17:18 . 2010-11-20 12:20 236544 ----a-w- c:\windows\system32\pdh.dll
2011-05-01 17:17 . 2010-11-20 12:21 36352 ----a-w- c:\windows\system32\wshbth.dll
2011-05-01 17:16 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-01 17:16 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-01 17:16 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-01 17:16 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-05-01 17:15 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-01 17:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-05-01 17:15 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-01 17:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-05-01 17:14 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-01 16:08 . 2011-05-01 16:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-01 16:06 . 2011-05-01 16:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-01 16:06 . 2011-05-01 16:08 -------- d-----w- c:\program files\Symantec
2011-05-01 07:08 . 2011-05-01 07:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\f-secure
2011-05-01 07:00 . 2011-05-01 06:57 574632 ----a-w- c:\windows\system32\msvcp50.dll
2011-05-01 06:58 . 2011-05-04 02:26 -------- d-----w- c:\program files\F-Secure
2011-05-01 06:49 . 2011-05-01 06:55 -------- d-----w- c:\programdata\fssg
2011-05-01 06:43 . 2011-05-01 06:59 -------- d-----w- c:\programdata\f-secure
2011-05-01 06:11 . 2011-05-04 15:55 -------- d-----w- c:\users\Arjon\AppData\Local\ElevatedDiagnostics
2011-04-30 23:53 . 2011-04-30 23:53 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVSoftware
2011-04-30 23:51 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-04-30 23:51 . 2011-05-04 02:26 -------- d-----w- c:\program files\Hide The IP
2011-04-30 23:50 . 2011-04-30 23:50 -------- d-----w- c:\users\Arjon\AppData\Local\PackageAware
2011-04-30 18:53 . 2011-04-30 18:53 -------- d-----w- c:\users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
2011-04-30 18:43 . 2011-04-30 18:43 -------- d-----w- c:\program files\DownloadToolz
2011-04-30 16:40 . 2010-06-15 22:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2011-04-30 16:40 . 2011-04-30 16:40 -------- d-----w- c:\program files\Hide My IP
2011-04-30 04:14 . 2011-04-30 04:14 22 --sha-w- c:\users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
2011-04-30 04:13 . 2011-04-30 04:31 -------- d-----w- c:\program files\jv16 PowerTools 2011
2011-04-29 12:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{948C61C1-5510-4466-B4A4-862A10BE8D9F}\mpengine.dll
2011-04-29 11:27 . 2011-04-29 11:27 -------- d-----w- c:\program files\GRT Recover My File
2011-04-28 22:25 . 2011-04-28 22:26 -------- d-----w- c:\users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
2011-04-28 01:41 . 2011-04-28 01:41 -------- d-----w- c:\users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}
2011-04-27 17:38 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:37 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:37 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:37 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:37 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:37 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:37 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:37 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:37 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-04-26 16:23 . 2011-04-26 16:23 -------- d-----w- c:\users\Arjon\AppData\Local\Symantec
2011-04-26 16:07 . 2011-04-26 16:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-04-26 11:45 . 2011-04-26 11:45 -------- d-----w- c:\program files\CellSoftNet
2011-04-26 06:40 . 2011-05-01 16:10 -------- d-----w- c:\programdata\Symantec
2011-04-26 05:24 . 2011-04-26 05:24 -------- d-----w- c:\users\Arjon\AppData\Roaming\AVG10
2011-04-26 05:23 . 2011-04-26 05:23 -------- d--h--w- c:\programdata\Common Files
2011-04-26 05:22 . 2011-04-26 18:25 -------- d-----w- c:\programdata\AVG10
2011-04-26 05:21 . 2011-04-26 05:21 -------- d-----w- c:\program files\AVG
2011-04-26 05:19 . 2011-04-26 18:24 -------- d-----w- c:\programdata\MFAData
2011-04-26 04:37 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-04-26 04:37 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2011-04-26 04:37 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-04-26 02:28 . 2011-04-26 02:28 -------- d-----w- c:\users\Arjon\AppData\Local\Ashisoft
2011-04-25 15:33 . 2011-04-25 15:33 -------- d-----w- c:\users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68}
2011-04-25 15:23 . 2011-04-25 15:23 -------- d-----w- c:\program files\Almeza
2011-04-25 04:06 . 2011-04-25 04:08 -------- d-----w- c:\users\Arjon\.shsh
2011-04-25 04:06 . 2011-04-25 04:06 -------- d-----w- c:\program files\Common Files\Java
2011-04-25 04:05 . 2011-04-25 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-24 07:11 . 2011-04-24 07:15 -------- d-----w- C:\AllMySongs Database
2011-04-24 07:11 . 2011-04-24 07:11 -------- d-----w- c:\windows\AllMySongs Database
2011-04-24 03:40 . 2011-04-24 03:40 -------- d-----w- c:\users\Arjon\AppData\Roaming\InterVideo
2011-04-24 03:24 . 2011-04-24 03:28 -------- d-----w- c:\users\Arjon\AppData\Roaming\dvdcss
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\users\Arjon\AppData\Roaming\Digiarty
2011-04-23 20:22 . 2011-04-23 20:25 -------- d-----w- c:\program files\Digiarty
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\users\Arjon\AppData\Roaming\4Media
2011-04-22 13:14 . 2011-04-22 13:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-22 13:14 . 2011-04-22 13:14 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-22 13:14 . 2011-04-22 13:14 -------- d-----w- c:\program files\OpenAL
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\programdata\4Media
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\program files\4Media
2011-04-21 04:54 . 2011-04-21 04:54 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-04-21 02:59 . 2011-04-21 02:59 -------- d-----w- c:\users\Arjon\AppData\Local\Yahoo!
2011-04-21 02:58 . 2011-04-21 03:16 -------- d-----w- c:\programdata\Yahoo! Companion
2011-04-21 02:57 . 2011-04-21 02:58 -------- d-----w- c:\users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1}
2011-04-20 16:46 . 2011-04-20 16:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 17:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-19 07:52 . 2010-08-12 19:39 513384 ------w- c:\windows\PWMBTHLV.EXE
2011-04-19 07:52 . 2010-08-12 19:39 816488 ------w- c:\windows\system32\PWMCP32V.cpl
2011-04-19 07:52 . 2010-08-12 19:39 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-04-19 07:52 . 2010-08-12 19:39 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-04-01 18:13 . 2010-06-24 18:33 18328 ------w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-31 23:30 . 2011-03-30 23:46 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-03-26 03:52 . 2011-03-26 03:52 854256 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-03-26 03:52 . 2011-03-26 03:52 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-03-26 02:27 . 2011-03-26 02:27 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-03-26 02:00 . 2011-03-26 02:00 252528 ----a-w- c:\windows\system32\vmnc.dll
2011-03-26 00:05 . 2011-03-26 00:05 59952 ----a-w- c:\windows\system32\vnetinst.dll
2011-03-26 00:05 . 2011-03-26 00:05 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-03-26 00:05 . 2011-03-26 00:05 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-03-26 00:05 . 2011-03-26 00:05 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-03-26 00:05 . 2011-03-26 00:05 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-03-26 00:05 . 2011-03-26 00:05 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-02-22 22:30 . 2010-08-12 19:34 6068224 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-22 22:06 . 2010-08-12 19:34 24576 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-22 22:05 . 2010-08-12 19:34 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-22 22:05 . 2010-08-12 19:34 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-22 22:05 . 2010-08-12 19:34 288768 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-22 22:04 . 2011-03-30 23:47 9030656 ----a-w- c:\windows\system32\igfxress.dll
2011-02-19 06:30 . 2011-03-31 15:49 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-31 15:49 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-31 15:49 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41} ----
.
.
---- Directory of c:\users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D} ----
.
.
---- Directory of c:\users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 16:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"googletalk"="c:\users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-04-19 1258856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-03-26 129648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-23 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-23 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-23 178200]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 55120]
.
c:\users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-9 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2011-3-31 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-04-19 292200]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-18 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-08-12 816792]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-04-19 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-01-13 132608]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-18 102448]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job
- c:\users\Arjon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-30 23:37]
.
2011-05-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-05-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc295F7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1134913768-1800306061-4192890979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(712)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
.
- - - - - - - > 'Explorer.exe'(6192)
c:\program files\PC-Doctor\ATLPcdToolbar580224.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\conhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
.
**************************************************************************
.
Completion time: 2011-05-07 15:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-07 19:25
ComboFix2.txt 2011-05-05 20:15
ComboFix3.txt 2011-05-05 12:34
.
Pre-Run: 189,936,128,000 bytes free
Post-Run: 189,838,352,384 bytes free
.
- - End Of File - - A9D132FB7CCEB883ED0825E0EB9E0B9F


Thank You.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP