Hijacker.Tubby Removal


#16
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#17
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#18
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Topic reopened by user request.

#19
ardoc14

    Member

  • Topic Starter
  • 15 posts
Hello Sempai,

Thank you for reopening the topic. I was going to write yesterday when I received my laptop back, but I wanted the ESET Online Scan to finish, and it took a long time to be done: about 10 hours 56 minutes. It scanned about 774084 files, but there were no infected files and no threats found, so it does not generate a "list of found threats" report.

Thank you again.

#20
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
No problem. Please tell me how the computer is running now. State any problems, if any.

Please run another OTL scan and post the new report for my review.

#21
ardoc14

    Member

  • Topic Starter
  • 15 posts
Hello Sempai,

The computer is running fine. Here is the new OTL log:


OTL logfile created on: 5/14/2011 9:49:51 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Arjon\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.82 Gb Total Space | 178.86 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.74 Gb Free Space | 38.32% Space Free | Partition Type: NTFS

Computer Name: ARJON-THINK | User Name: Arjon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 09:49:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arjon\Downloads\OTL (1).exe
PRC - [2011/05/09 18:01:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/05/05 22:24:16 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011/04/19 03:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/31 19:31:34 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/03/30 19:01:50 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011/03/25 23:51:34 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/03/08 16:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/08 16:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/14 18:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/14 18:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/08 13:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 19:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/09 16:39:46 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/11/09 16:39:44 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/10/29 23:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/17 20:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/03 15:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/23 12:21:00 | 000,154,112 | ---- | M] (troubadix) -- C:\Program Files\TPFanControl\TPFanControl.exe
PRC - [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 17:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2009/08/26 18:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/08/26 18:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/30 18:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 09:49:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arjon\Downloads\OTL (1).exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/09 18:01:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/04/19 03:52:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/04/19 03:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/04/19 03:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/04/09 23:20:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/31 11:14:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/30 19:00:10 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/30 18:57:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/03/25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/01/14 18:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011/01/14 18:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/17 17:22:40 | 000,936,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/12/17 17:08:40 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/12/03 13:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 15:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 19:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/09 16:39:48 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/09 16:39:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/11/09 16:39:44 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/09 16:39:42 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/17 20:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 20:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/05/03 15:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/03 15:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/04/24 04:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 04:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/07 17:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/29 20:25:38 | 000,099,768 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/26 18:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/28 22:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/10/26 17:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/19 03:52:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/04/19 03:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/04/18 08:58:58 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110513.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 08:58:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110513.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/25 23:52:18 | 000,854,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011/03/25 23:52:18 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011/03/25 23:50:52 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011/03/25 23:50:06 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011/03/25 22:27:32 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011/03/25 20:05:00 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011/03/25 20:05:00 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011/03/25 20:05:00 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011/03/16 18:59:38 | 000,032,672 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/13 14:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/21 12:07:44 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/09 16:39:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/09 16:39:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/11/09 16:39:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/09 16:39:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/10/15 03:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/09/07 17:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/25 13:45:56 | 000,486,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/08/12 15:33:28 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/07/22 12:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/06/16 16:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 16:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/10 17:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 04:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 04:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 04:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 04:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/12 17:13:02 | 000,091,728 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2010/04/12 17:12:56 | 000,131,664 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2010/03/18 01:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/26 01:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 20:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/24 07:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/09/17 00:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/01 22:16:16 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/10 22:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/03/13 16:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/26 17:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/31 16:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/13 03:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/02 13:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/02 13:07:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/07 15:20:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\Arjon\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 09:31:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/14 08:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aneesoft
[2011/05/14 08:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Aneesoft
[2011/05/13 23:11:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/05/13 23:07:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Mozilla
[2011/05/13 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\The Lord of the Rings Online
[2011/05/13 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\The Lord of the Rings Online
[2011/05/13 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Turbine
[2011/05/13 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\ApplicationHistory
[2011/05/13 22:33:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011/05/13 21:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2011/05/13 18:52:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\PMB Files
[2011/05/13 18:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/05/13 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/05/13 18:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/13 17:59:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Arjon\Desktop\esetsmartinstaller_enu.exe
[2011/05/13 08:49:35 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllMyNotes Organizer
[2011/05/13 08:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\AllMyNotes Organizer
[2011/05/12 15:59:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\LAST QUIZ
[2011/05/12 15:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2011/05/12 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Conexant
[2011/05/12 15:28:45 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2011/05/12 15:00:31 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\stardock
[2011/05/12 14:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011/05/12 14:15:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{468506A7-CB74-45DA-AF3B-4CB436943A3E}
[2011/05/12 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011/05/12 14:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/05/12 14:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/05/12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2011/05/12 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/05/12 11:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/05/11 07:08:18 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Easy Clone Detective
[2011/05/11 07:07:46 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Refero Group
[2011/05/11 07:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Refero Group
[2011/05/11 07:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Easy Clone Detective
[2011/05/11 06:36:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Western_Digital
[2011/05/10 21:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/05/10 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/05/10 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/05/10 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Western Digital
[2011/05/10 07:44:51 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\BANDISOFT
[2011/05/10 07:44:48 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\Bandicam
[2011/05/10 07:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2011/05/10 07:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bandicam
[2011/05/10 07:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2011/05/08 16:59:25 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonMF Uninstaller Information
[2011/05/08 16:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
[2011/05/08 16:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/05/08 16:14:42 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2011/05/08 16:13:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2011/05/08 16:13:44 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05b.dll
[2011/05/08 16:13:37 | 000,073,216 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll
[2011/05/08 16:13:37 | 000,072,192 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll
[2011/05/08 16:13:37 | 000,046,592 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll
[2011/05/08 16:13:32 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2011/05/08 16:13:32 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2011/05/08 16:13:31 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2011/05/08 16:13:31 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2011/05/08 16:13:17 | 000,167,936 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011/05/08 02:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/05/08 02:29:56 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Remote Queue Manager
[2011/05/08 02:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/08 02:24:04 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Queue Manager
[2011/05/08 02:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Remote Queue Manager
[2011/05/07 22:12:08 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\DDMSettings
[2011/05/07 18:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudyX
[2011/05/07 18:24:06 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\StudyX
[2011/05/07 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\StudyX
[2011/05/07 15:20:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/07 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\temp
[2011/05/07 14:55:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/05 08:10:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/05 08:10:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/05 08:10:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/05 08:10:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/05 08:09:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 07:48:03 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\FILEminimizer
[2011/05/05 07:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer 6.0
[2011/05/05 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\FILEminimizer Office
[2011/05/04 14:10:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\ParetoLogic
[2011/05/04 14:10:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\DriverCure
[2011/05/04 14:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/05/04 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\FixCleaner
[2011/05/04 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/05/04 13:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2011/05/04 12:59:08 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo9.dll
[2011/05/03 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011/05/03 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\PCDr
[2011/05/03 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Aviosoft
[2011/05/02 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/05/02 14:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2011/05/02 14:49:24 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\iMate
[2011/05/02 13:06:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\DivX
[2011/05/02 13:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/02 13:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/02 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/02 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/01 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2011/05/01 13:41:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/05/01 13:34:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/05/01 13:19:37 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/05/01 12:08:03 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/05/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/01 02:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2011/05/01 02:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2011/05/01 02:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2011/05/01 02:11:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\ElevatedDiagnostics
[2011/04/30 22:41:46 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\LDW
[2011/04/30 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\AVSoftware
[2011/04/30 19:51:47 | 000,303,240 | ---- | C] (AVSoftware, Ltd) -- C:\Windows\System32\AVLib.dll
[2011/04/30 19:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hide The IP
[2011/04/30 19:50:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\PackageAware
[2011/04/30 19:35:35 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\New folder
[2011/04/30 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{9CDD5999-74CB-4416-9385-5C398ED8F46D}
[2011/04/30 12:40:49 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\System32\HMIPCore.dll
[2011/04/30 00:13:51 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2011
[2011/04/30 00:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2011
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7C.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSS0AF77.DLL
[2011/04/29 08:23:07 | 000,249,856 | ---- | C] (Pharos Systems International) -- C:\Windows\System32\PSR0AF4A.DLL
[2011/04/29 07:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRT Recover My File
[2011/04/29 07:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\GRT Recover My File
[2011/04/28 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\Rosetta Stone V3.3.5
[2011/04/28 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{7A831A41-C098-4F1E-AA3B-5CA24E913A41}
[2011/04/27 22:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\My Received Files
[2011/04/27 21:41:23 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{B2641D65-771F-43D0-95BB-B2846A207F3E}
[2011/04/26 20:56:09 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/04/26 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Symantec
[2011/04/26 12:14:56 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Desktop\tmp
[2011/04/26 07:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\CellSoftNet
[2011/04/26 02:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/26 01:23:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/26 01:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/26 01:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/25 22:28:38 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Ashisoft
[2011/04/25 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Almeza
[2011/04/25 11:33:57 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{5A6A820E-6F03-4F15-8D1A-560276E81C68}
[2011/04/25 11:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Almeza
[2011/04/25 00:06:47 | 000,000,000 | ---D | C] -- C:\Users\Arjon\.shsh
[2011/04/25 00:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/25 00:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/24 03:11:58 | 000,000,000 | ---D | C] -- C:\Windows\AllMySongs Database
[2011/04/24 03:11:58 | 000,000,000 | ---D | C] -- C:\AllMySongs Database
[2011/04/23 23:41:49 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\InterVideo
[2011/04/23 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\InterVideo
[2011/04/23 23:24:43 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\dvdcss
[2011/04/23 16:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
[2011/04/23 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Digiarty
[2011/04/23 16:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/04/23 16:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2011/04/22 09:14:46 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\4Media
[2011/04/22 09:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media
[2011/04/22 09:14:00 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/22 09:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/04/22 09:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\4Media
[2011/04/22 09:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\4Media
[2011/04/21 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/04/21 19:23:31 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Google
[2011/04/21 00:54:07 | 000,000,000 | -H-D | C] -- C:\Windows\System32\WLANProfiles
[2011/04/20 22:59:37 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011/04/20 22:59:17 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Yahoo!
[2011/04/20 22:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/04/20 22:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/04/20 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{751E3DE2-98D0-4004-87D8-518F7492A1C1}
[2011/04/20 01:20:14 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\Senstic
[2011/04/20 01:19:47 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2011/04/20 01:19:46 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2011/04/20 01:19:45 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2011/04/20 01:19:40 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2011/04/20 01:19:18 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2011/04/20 01:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/04/20 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011/04/20 01:13:01 | 000,000,000 | ---D | C] -- C:\archdb
[2011/04/20 00:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic
[2011/04/19 23:40:20 | 000,056,208 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2011/04/19 23:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2011/04/19 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2011/04/19 15:48:01 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\vmware and mac os x
[2011/04/19 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\AnyToISO 3.0 BUILD 344
[2011/04/19 14:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyToISO
[2011/04/19 14:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\AnyToISO
[2011/04/19 14:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/04/19 14:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/04/18 23:50:44 | 000,000,000 | ---D | C] -- C:\Users\Arjon\Documents\Virtual Machines
[2011/04/18 23:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\VMware
[2011/04/18 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{BCAACA3D-E8B5-4EF7-88D4-963368BAACD5}
[2011/04/18 19:16:44 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/04/18 19:16:34 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011/04/18 19:16:34 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/04/18 19:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/18 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\TuneUp Software
[2011/04/18 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/04/18 19:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/18 19:11:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/18 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\TotalRecorder
[2011/04/18 18:25:17 | 000,091,728 | ---- | C] (High Criteria inc.) -- C:\Windows\System32\drivers\TotRec8.sys
[2011/04/18 18:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
[2011/04/18 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\HighCriteria
[2011/04/18 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Watermark Studio
[2011/04/18 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio
[2011/04/18 11:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Watermark Studio
[2011/04/18 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{5AA4902D-2166-4DB8-8B6E-EB914D1B1540}
[2011/04/16 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{119EA93D-54BB-494C-BB7E-3C7C83BDE158}
[2011/04/16 00:34:31 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{2E744419-9F4F-46A0-86D0-748481CB4B4A}
[2011/04/15 12:08:25 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Local\{CAD0986A-F765-42A8-9D42-B2AE2F8E40E5}
[2011/04/14 21:01:29 | 000,000,000 | ---D | C] -- C:\Users\Arjon\AppData\Roaming\NeoDownloader
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 09:47:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000UA.job
[2011/05/14 09:42:32 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 09:42:32 | 000,019,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 09:34:15 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/05/14 09:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/14 09:33:36 | 2355,892,224 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 22:51:19 | 000,638,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/13 22:51:19 | 000,113,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/13 22:44:49 | 000,000,093 | ---- | M] () -- C:\Users\Arjon\AppData\Local\fusioncache.dat
[2011/05/13 20:47:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1134913768-1800306061-4192890979-1000Core.job
[2011/05/13 17:59:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Arjon\Desktop\esetsmartinstaller_enu.exe
[2011/05/13 08:54:52 | 000,148,223 | ---- | M] () -- C:\Users\Arjon\Documents\AllMyNotes Documents.ddb
[2011/05/13 08:54:18 | 000,147,617 | ---- | M] () -- C:\Users\Arjon\Documents\AllMyNotes Documents.ddb - backup 11-05-13.ddb
[2011/05/12 11:37:15 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\Protected Folder.lnk
[2011/05/11 00:50:56 | 000,000,115 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2011/05/10 21:20:18 | 000,001,329 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/05/10 12:07:01 | 000,188,208 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/05/10 11:11:07 | 000,002,503 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/10 11:11:07 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/05/10 07:44:32 | 000,000,961 | ---- | M] () -- C:\Users\Arjon\Desktop\Bandicam.lnk
[2011/05/08 18:22:11 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2011/05/08 16:20:46 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011/05/08 16:20:22 | 000,000,242 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011/05/08 16:20:22 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011/05/08 16:14:42 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf08b.dat
[2011/05/08 11:46:14 | 003,746,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/08 02:24:05 | 000,001,069 | ---- | M] () -- C:\Users\Arjon\Desktop\Remote Queue Manager.lnk
[2011/05/07 15:20:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/07 15:19:22 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/06 23:48:15 | 000,002,374 | ---- | M] () -- C:\Users\Arjon\Desktop\Google Chrome.lnk
[2011/05/05 07:59:31 | 004,342,022 | R--- | M] () -- C:\Users\Arjon\Desktop\ComboFix.exe
[2011/05/04 13:03:20 | 000,000,548 | ---- | M] () -- C:\Users\Arjon\Documents\monitorsregkey.reg
[2011/05/03 22:14:36 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011/05/02 12:21:53 | 000,000,909 | ---- | M] () -- C:\Windows\ARPR.INI
[2011/05/01 12:08:16 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/01 12:08:16 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/01 12:08:16 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/30 22:38:43 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2011/04/30 19:55:39 | 000,002,496 | ---- | M] () -- C:\Windows\System32\AVRedirector.ini
[2011/04/30 19:55:39 | 000,001,248 | ---- | M] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/30 00:14:30 | 000,000,022 | -HS- | M] () -- C:\Windows\System5537 Data.Repository
[2011/04/30 00:14:30 | 000,000,022 | -HS- | M] () -- C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/04/30 00:13:23 | 000,001,862 | ---- | M] () -- C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF7C.DLL
[2011/04/29 08:23:10 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\PSS0AF77.DLL
[2011/04/28 20:43:08 | 000,000,215 | ---- | M] () -- C:\Users\Arjon\AppData\Roaming\burnaware.ini
[2011/04/28 19:32:40 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/04/26 21:32:03 | 000,015,710 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/04/25 00:08:36 | 000,000,882 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2011/04/24 03:15:08 | 000,375,054 | ---- | M] () -- C:\1.bmp
[2011/04/23 16:25:17 | 000,001,132 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk
[2011/04/23 16:22:20 | 000,001,243 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk
[2011/04/23 16:22:20 | 000,001,219 | ---- | M] () -- C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk
[2011/04/22 09:14:09 | 000,002,144 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk
[2011/04/22 09:14:00 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/04/20 22:58:24 | 000,001,146 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/04/20 01:21:53 | 000,001,009 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/04/20 01:18:52 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/04/20 01:18:06 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/04/19 14:53:59 | 000,000,928 | ---- | M] () -- C:\Users\Arjon\Desktop\AnyToISO.lnk
[2011/04/18 18:25:19 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Total Recorder.LNK
[2011/04/18 11:09:15 | 000,001,987 | ---- | M] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 22:44:49 | 000,000,093 | ---- | C] () -- C:\Users\Arjon\AppData\Local\fusioncache.dat
[2011/05/13 08:54:18 | 000,147,617 | ---- | C] () -- C:\Users\Arjon\Documents\AllMyNotes Documents.ddb - backup 11-05-13.ddb
[2011/05/13 08:49:43 | 000,148,223 | ---- | C] () -- C:\Users\Arjon\Documents\AllMyNotes Documents.ddb
[2011/05/12 11:37:15 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\Protected Folder.lnk
[2011/05/10 21:20:18 | 000,001,329 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/05/10 07:44:32 | 000,000,961 | ---- | C] () -- C:\Users\Arjon\Desktop\Bandicam.lnk
[2011/05/08 18:22:11 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2011/05/08 16:20:46 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011/05/08 16:20:22 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/08 16:20:22 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/08 16:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/05/08 16:13:37 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/05/08 02:24:05 | 000,001,069 | ---- | C] () -- C:\Users\Arjon\Desktop\Remote Queue Manager.lnk
[2011/05/05 08:10:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/05 08:10:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/05 08:10:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/05 08:10:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/05 08:10:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/05 08:08:08 | 004,342,022 | R--- | C] () -- C:\Users\Arjon\Desktop\ComboFix.exe
[2011/05/04 14:01:08 | 000,188,208 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/04 13:03:20 | 000,000,548 | ---- | C] () -- C:\Users\Arjon\Documents\monitorsregkey.reg
[2011/05/03 22:14:08 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/03 19:38:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/05/02 12:19:36 | 000,000,909 | ---- | C] () -- C:\Windows\ARPR.INI
[2011/05/01 13:23:59 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/05/01 13:18:02 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/05/01 13:17:17 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/05/01 12:08:03 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/01 12:08:03 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/04/30 22:38:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/04/30 19:54:54 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/04/30 19:54:54 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/30 00:14:30 | 000,000,022 | -HS- | C] () -- C:\Windows\System5537 Data.Repository
[2011/04/30 00:14:30 | 000,000,022 | -HS- | C] () -- C:\Users\Arjon\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/04/30 00:13:23 | 000,001,862 | ---- | C] () -- C:\Users\Arjon\Desktop\jv16 PowerTools 2011.lnk
[2011/04/26 20:56:13 | 000,062,692 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2011/04/26 20:56:09 | 000,105,420 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/04/24 03:15:08 | 000,375,054 | ---- | C] () -- C:\1.bmp
[2011/04/23 16:25:17 | 000,001,132 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Author.lnk
[2011/04/23 16:22:20 | 000,001,243 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk
[2011/04/23 16:22:20 | 000,001,219 | ---- | C] () -- C:\Users\Arjon\Desktop\WinX DVD Copy Pro.lnk
[2011/04/22 09:14:09 | 000,002,144 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk
[2011/04/20 22:58:24 | 000,001,146 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/04/20 01:21:53 | 000,001,009 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/04/20 01:18:06 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/04/19 14:53:59 | 000,000,928 | ---- | C] () -- C:\Users\Arjon\Desktop\AnyToISO.lnk
[2011/04/18 23:24:29 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/04/18 19:16:22 | 000,002,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011/04/18 18:25:19 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Total Recorder.LNK
[2011/04/18 11:09:15 | 000,001,987 | ---- | C] () -- C:\Users\Arjon\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Watermark Studio.lnk
[2011/04/13 23:34:45 | 000,000,600 | ---- | C] () -- C:\Users\Arjon\AppData\Roaming\winscp.rnd
[2011/04/12 16:29:09 | 000,000,008 | ---- | C] () -- C:\Program Files\SysResources Managersys111.dat
[2011/04/09 22:40:16 | 000,000,215 | ---- | C] () -- C:\Users\Arjon\AppData\Roaming\burnaware.ini
[2011/04/08 19:34:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/01 13:47:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/31 02:16:55 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI
[2011/03/30 19:47:42 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/03/30 19:47:40 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/03/30 19:47:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010/09/02 03:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/09/02 03:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2010/08/12 15:34:43 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/12 15:33:44 | 000,000,661 | ---- | C] () -- C:\Windows\System32\VoipUpdate.ini
[2010/08/12 15:33:28 | 000,816,792 | ---- | C] () -- C:\Windows\System32\drivers\pmxdrv.sys
[2009/09/29 20:25:42 | 000,013,752 | ---- | C] () -- C:\Windows\System32\drivers\TurboB.sys
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,746,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,638,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,113,158 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/13 18:09:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/13 18:09:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/10/26 17:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/22 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\4Media
[2011/04/30 19:53:54 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\AVSoftware
[2011/05/10 07:44:51 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\BANDISOFT
[2011/05/08 18:22:41 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Canon
[2011/04/23 16:25:22 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Digiarty
[2011/05/04 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\DriverCure
[2011/04/18 11:09:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Easy Watermark Studio
[2011/05/06 01:57:43 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\FILEminimizer
[2011/05/04 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\FixCleaner
[2011/04/11 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Impressions Future Media
[2011/04/23 23:40:06 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\InterVideo
[2011/04/13 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\JGsoft
[2011/03/30 17:52:00 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Lenovo
[2011/04/14 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\NeoDownloader
[2011/05/04 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\ParetoLogic
[2011/05/05 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\PCDr
[2011/03/30 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\PwrMgr
[2011/05/08 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Remote Queue Manager
[2011/05/14 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\SoftGrid Client
[2011/05/14 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Software Informer
[2011/04/25 20:24:49 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TotalRecorder
[2011/03/31 01:06:15 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TP
[2011/05/02 15:36:43 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\TuneUp Software
[2011/04/20 14:52:11 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Ulead Systems
[2011/05/03 22:26:46 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Update
[2011/04/09 12:38:44 | 000,000,000 | ---D | M] -- C:\Users\Arjon\AppData\Roaming\Windows Live Writer
[2011/05/07 15:19:22 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/10 15:13:05 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/14 09:34:15 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:5A775C3F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >





I ran another scan with SuperAntiSpyware and nothing showed up anymore.

Thank you a lot for your help,

Sincerely
  • 0

#22
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Just a minor fix then we can proceed with housekeeping to properly remove the tools.


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".

    • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

  • 0

#23
ardoc14

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello Sempai,

Here is the log for OTL

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Arjon
->Temp folder emptied: 63608739 bytes
->Temporary Internet Files folder emptied: 5282824 bytes
->Java cache emptied: 2105640 bytes
->Google Chrome cache emptied: 426012549 bytes
->Apple Safari cache emptied: 69150720 bytes
->Flash cache emptied: 42063 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5818520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56287882 bytes
RecycleBin emptied: 748768 bytes

Total Files Cleaned = 600.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05152011_101408

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3620.log moved successfully.
File\Folder C:\Windows\temp\etilqs_0j75I4uCiVYNrqCrA3e0 not found!
File\Folder C:\Windows\temp\etilqs_IE8SqPEW0FmqCkzkpErK not found!
File\Folder C:\Windows\temp\etilqs_Rh6Nh7C3e8JBuLLdjofG not found!
File\Folder C:\Windows\temp\etilqs_Vbffjh9zeDANDKCug4x6 not found!

Registry entries deleted on Reboot...



I also removed my old java and installed the new one that you recommended.

Thank You.
  • 0
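Added example, not part of the thread and not OTL's own code: a short Python parser for the registry lines of the fix log above. It groups the actions by CLSID without regard to case, so a "not found" for a key that the same run had already deleted is told apart from a CLSID key that never existed. The function names and status labels are assumptions made for this illustration.

```python
import re

# Registry lines copied from the fix log posted above.
FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
"""

# "Registry <value|key> <path>\{GUID}[\] <status>."
# The log writes one or two backslashes before the GUID, so accept both.
LINE_RE = re.compile(
    r"^Registry (value|key) (.+?)\\+(\{[0-9A-Fa-f-]{36}\})\\? "
    r"(deleted successfully|not found)\.$",
    re.MULTILINE,
)


def parse_fix_log(text):
    """Return (kind, path, guid, status) tuples in log order, GUID lower-cased."""
    return [(k, p, g.lower(), s) for k, p, g, s in LINE_RE.findall(text)]


def reconcile(actions):
    """Summarise per CLSID what the fix removed.

    Status labels used here (hypothetical, chosen for this example):
      "deleted"               - the CLSID key existed and was removed
      "absent before the fix" - the key was never there; only a dangling
                                reference value pointed at it
    redundant_misses counts "not found" lines for a key this run had
    already deleted, which are harmless repeats rather than failures.
    """
    summary, deleted_keys = {}, set()
    for kind, path, guid, status in actions:
        entry = summary.setdefault(
            guid,
            {"references_removed": [], "clsid": "not touched", "redundant_misses": 0},
        )
        if kind == "value":
            if status == "deleted successfully":
                entry["references_removed"].append(path)
            continue
        ident = (path.lower(), guid)
        if status == "deleted successfully":
            deleted_keys.add(ident)
            entry["clsid"] = "deleted"
        elif ident in deleted_keys:
            entry["redundant_misses"] += 1
        else:
            entry["clsid"] = "absent before the fix"
    return summary


if __name__ == "__main__":
    for guid, info in reconcile(parse_fix_log(FIX_LOG)).items():
        print(guid, info["clsid"], len(info["references_removed"]),
              "reference(s) removed,", info["redundant_misses"], "redundant miss(es)")
```
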

#24
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Great, follow the following instructions to properly remove the tools.


Uninstall:

1. ComboFix

  • Click Start > Run > copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


2. ESET online scanner
  • Go to Control Panel > Programs > Programs and Features > locate and remove ESET Online Scanner.



Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.



Your Log is Clean, take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


  • 0

#25
ardoc14

ardoc14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello Sempai,

I want to thank you for all your time and your help.

Sincerely,
Ardoc14
  • 0



#26
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
You're welcome. :)
  • 0

#27
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





