Unbootable computer



#1
Bismillah

  • Member
  • 514 posts
Hello, my friend is experiencing some issues with his computer (I am posting on his behalf).
He has a Dell Inspiron; it is Vista. His computer was quite infected; after searching on Google he decided to run ComboFix. After ComboFix rebooted, he got "Windows failed to load because the system registry file is missing or corrupt":


File:\windows\system32\config\system

He does not have the install disk either.
  • 0



#2
michaelg9

  • Trusted Helper
  • Malware Removal
  • 2,949 posts
Hi :) I'm Michael and I'm going to help you fix your computer.

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Turn on your computer and begin pressing the F8 button quickly. You should get this screen:
Select Last Known Good configuration
Let me know if that fixes the problem
  • 0

#3
Bismillah

  • Topic Starter
  • Member
  • 514 posts
He's done a Windows reinstall in the end, which has cleared all of the viruses, but now he can't connect to the internet.

Plus, with the Last Known Good Configuration, I've already asked him to try all that stuff but none of it worked, so he just went ahead with the reinstall of Windows.

Could there be a possibility that a virus has survived the reinstall, as I have heard of this before?

Edited by nortan360, 14 August 2011 - 11:25 AM.

  • 0

#4
michaelg9

  • Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello,

If he has done a clean install, which would format the entire drive and delete any data stored in it and then install the new Operating System, you can be sure that all nasties are gone.
If he has done a repair install, which would just re-install the Operating System but leave the data there, then malware will still be on the computer.

There's also the chance that a USB drive he was using got infected, and then he plugged it in after the re-install, so the clean system got re-infected.


If you want to do a checkup, follow these instructions:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)



Next:


OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0
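Added example, not part of the original thread and not aswMBR's own logic: a way to inspect a saved boot-sector dump such as the MBR.dat mentioned in post #4 offline and compare its boot code against a hash recorded from a known-clean install. It assumes the dump is a raw copy of the disk's first 512-byte sector, which the thread does not state; the sample sectors and all function names are constructed for illustration.

```python
"""Offline inspection of a saved MBR sector (added example).

Assumption: the dump is a raw copy of the disk's first 512-byte sector.
"""
import hashlib
import struct

SECTOR_SIZE = 512
HASHED_CODE_LEN = 440    # bytes 0-439: bootstrap code
DISK_SIG_OFF = 440       # bytes 440-443: per-disk signature written by Windows
TABLE_OFF = 446          # four 16-byte partition entries
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511

PARTITION_TYPES = {
    0x05: "Extended (CHS)",
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0xEE: "GPT protective",
}


def parse_mbr(sector):
    """Return partitions, disk signature, boot-code hash and structural findings."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    sector = sector[:SECTOR_SIZE]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for index in range(4):
        offset = TABLE_OFF + index * ENTRY_SIZE
        status, _chs_first, type_id, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[offset:offset + ENTRY_SIZE])
        if type_id == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (index, status))
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": PARTITION_TYPES.get(type_id, "unknown (0x%02x)" % type_id),
            "lba_start": lba_start,
            "sectors": sectors,
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append("entries %d and %d overlap" % (prev["index"], cur["index"]))

    return {
        "partitions": partitions,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        # The disk signature differs per disk, so it is excluded from the hash;
        # otherwise a clean MBR would never match a baseline from another disk.
        "boot_code_sha256": hashlib.sha256(sector[:HASHED_CODE_LEN]).hexdigest(),
        "findings": findings,
    }


def boot_code_matches(sector, known_good_sha256):
    """True when the boot code hashes to the value recorded from a clean install."""
    return parse_mbr(sector)["boot_code_sha256"] == known_good_sha256.lower()


def build_sample_sector(code_fill=b"\x00", disk_signature=0x11223344):
    """Constructed test sector: filler boot code, one active NTFS partition."""
    boot_code = code_fill * HASHED_CODE_LEN
    disk_sig = struct.pack("<I", disk_signature) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * (ENTRY_SIZE * 3)
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_sector()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    samples = (
        ("clean", clean),
        ("same code, other disk", build_sample_sector(disk_signature=0xAABBCCDD)),
        ("altered boot code", build_sample_sector(code_fill=b"\xcc")),
    )
    for name, sector in samples:
        report = parse_mbr(sector)
        print(name, report["partitions"], report["findings"],
              "matches baseline:", boot_code_matches(sector, baseline))
```

A mismatch only means the boot code differs from the recorded baseline; boot managers and disk-encryption products also replace it, so the baseline has to come from the same OS version and boot setup.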

#5
Bismillah

  • Topic Starter
  • Member
  • 514 posts
The guy I'm talking to insists his computer is now clean even though he can't connect to the computer; there is no pleasing some people :)
I do apologise for wasting your time.

Would it be possible for you to take a look at my laptop instead, as I am experiencing a lot of lag and slow loading pages even after removing a lot of rubbish, or would I have to make a new thread?
  • 0

#6
michaelg9

  • Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello,

OK then, let's examine your computer :)
Follow the instructions above and post the logs.
  • 0

#7
Bismillah

  • Topic Starter
  • Member
  • 514 posts
OTL logfile created on: 15/08/2011 21:48:09 - Run 3
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\LENOVO\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.90 Gb Total Physical Memory | 0.18 Gb Available Physical Memory | 9.39% Memory free
5.76 Gb Paging File | 0.54 Gb Available in Paging File | 9.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.10 Gb Total Space | 27.55 Gb Free Space | 21.85% Space Free | Partition Type: NTFS
Drive Q: | 21.49 Gb Total Space | 15.98 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.08% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/15 21:45:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Desktop\OTL.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/18 18:54:17 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/07 17:51:12 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes2\iTunesHelper.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/05/02 01:01:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/23 19:32:24 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/12/10 22:59:48 | 000,181,608 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/12/10 22:59:42 | 000,435,560 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/12/10 22:59:40 | 000,251,240 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/12/10 22:59:38 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/12/10 22:25:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/26 20:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/04/22 01:45:44 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/15 18:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/02 14:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/03/05 06:27:20 | 000,865,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/03/05 05:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 21:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 20:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/01/28 19:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/10/27 02:38:40 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2008/10/27 02:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2008/05/25 00:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/09/28 21:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/15 20:11:54 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/15 11:38:33 | 003,435,096 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011/01/27 16:51:04 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/21 21:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/10/19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/12/10 22:59:40 | 000,251,240 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/12/10 22:59:38 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/04/15 18:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/04/02 14:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/03/30 12:08:14 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/05 05:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 21:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 21:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 20:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/27 02:38:40 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2008/10/27 02:38:34 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2008/10/27 02:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008/10/09 10:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/25 00:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 16:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 21:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe -- (DDNIOEMService)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/17 04:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/10 22:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/08/14 21:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 18:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 19:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 19:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 17:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 01:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/29 01:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/10/27 03:37:18 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/09/25 08:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 07:49:34 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2008/09/19 06:41:00 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008/07/11 03:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 10:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/04/19 00:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/26 05:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 23:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/21 03:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 00:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/19 00:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/19 00:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/19 00:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/19 00:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/19 00:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/19 00:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/19 00:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/04/23 14:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 14:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 14:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 14:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 14:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/02/09 04:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/09 04:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2001/05/07 11:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1853308285-865056411-922338472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1853308285-865056411-922338472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKU\S-1-5-21-1853308285-865056411-922338472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1853308285-865056411-922338472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes2\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\LENOVO\AppData\Local\Roblox\Versions\version-7a404405e6f944e5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LENOVO\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LENOVO\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LENOVO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/08/06 16:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/02 01:02:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 01:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/05 14:50:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2010/08/05 15:13:01 | 000,000,000 | ---D | M]

[2010/10/31 18:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\Mozilla\Extensions
[2011/04/29 23:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\extensions
[2010/10/31 23:55:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\xqbyuseu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 15:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/21 19:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2011/02/26 22:48:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/17 15:20:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/06 16:31:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/05/08 16:17:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1853308285-865056411-922338472-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1853308285-865056411-922338472-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1853308285-865056411-922338472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1303935397869 (MUCatalogWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\1600x1200-Thinkdots.jpg
O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\1600x1200-Thinkdots.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 21:44:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\LENOVO\Desktop\OTL.exe
[2011/08/15 14:43:43 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\LENOVO\Desktop\aswMBR.exe
[2011/08/13 00:39:46 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\New Folder (13)
[2011/08/12 12:43:09 | 004,170,159 | ---- | C] (Swearware) -- C:\Users\LENOVO\Desktop\George.exe
[2011/08/12 12:42:43 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\LENOVO\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/10 21:00:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 20:59:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 20:59:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/10 20:59:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 20:59:45 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 20:59:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/10 20:59:44 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/10 20:59:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/10 20:59:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/10 20:59:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/10 20:59:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 20:59:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/10 20:59:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/10 20:59:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/10 20:59:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/10 20:59:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/10 20:59:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 20:59:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/10 20:59:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/10 20:59:14 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 20:59:11 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 16:46:30 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\.minecraft
[2011/08/10 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Resources
[2011/08/10 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Jar
[2011/08/10 16:05:25 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\src
[2011/08/10 16:05:24 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\bin
[2011/08/09 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Millénaire 1.1.1.b
[2011/08/08 20:23:53 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2011/08/08 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Millénaire 1.0.7.b
[2011/08/08 19:35:06 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\New Folder (12)
[2011/08/06 15:22:53 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\New Folder (11)
[2011/08/06 13:21:39 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Documents\Daniel Browning_files
[2011/07/27 20:16:11 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\New Folder (6)
[2011/07/27 18:16:52 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/27 18:16:49 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

========== Files - Modified Within 30 Days ==========

[2011/08/15 21:45:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Desktop\OTL.exe
[2011/08/15 20:59:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 20:59:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 14:49:33 | 000,000,512 | ---- | M] () -- C:\Users\LENOVO\Desktop\MBR.dat
[2011/08/15 14:43:47 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\LENOVO\Desktop\aswMBR.exe
[2011/08/15 13:02:35 | 000,001,024 | ---- | M] () -- C:\Users\LENOVO\.rnd
[2011/08/15 13:01:09 | 000,057,712 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2011/08/15 13:01:09 | 000,027,476 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2011/08/15 13:01:09 | 000,004,099 | ---- | M] () -- C:\Users\Public\Documents\AcIpConfig.dat
[2011/08/15 12:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/15 12:59:35 | 2036,379,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/14 21:55:49 | 000,222,338 | ---- | M] () -- C:\Users\LENOVO\Desktop\1922Aug.pdf
[2011/08/13 11:12:03 | 000,007,728 | ---- | M] () -- C:\Users\LENOVO\AppData\Local\d3d9caps.dat
[2011/08/12 12:43:48 | 013,631,310 | ---- | M] () -- C:\Users\LENOVO\Desktop\security.rar
[2011/08/12 12:43:09 | 004,170,159 | ---- | M] (Swearware) -- C:\Users\LENOVO\Desktop\George.exe
[2011/08/12 12:42:43 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\LENOVO\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/11 16:22:14 | 000,032,768 | ---- | M] () -- C:\Users\LENOVO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 14:28:33 | 000,647,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/11 14:28:33 | 000,125,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/10 16:00:32 | 001,928,847 | ---- | M] () -- C:\Users\LENOVO\Desktop\minecraft (2).jar
[2011/08/09 16:56:05 | 254,465,388 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/08 20:23:49 | 000,270,142 | ---- | M] () -- C:\Users\LENOVO\Desktop\Minecraft.exe
[2011/08/07 14:02:45 | 000,000,129 | ---- | M] () -- C:\Users\LENOVO\jagex_runescape_preferences2.dat
[2011/08/07 14:01:45 | 000,000,046 | ---- | M] () -- C:\Users\LENOVO\jagex_runescape_preferences.dat
[2011/08/06 17:39:18 | 001,719,293 | ---- | M] () -- C:\Users\LENOVO\Desktop\Danse Madison.mp3
[2011/08/06 16:31:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/06 13:27:04 | 000,057,219 | ---- | M] () -- C:\Users\LENOVO\Desktop\264583_2012381183370_1058985308_2258678_8297748_n (1).jpg
[2011/08/06 13:21:39 | 000,470,502 | ---- | M] () -- C:\Users\LENOVO\Documents\Daniel Browning.htm
[2011/07/28 20:36:56 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/23 12:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/23 12:01:07 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/07/23 12:00:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/07/23 12:00:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/07/23 12:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/07/23 11:59:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/23 11:59:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/07/23 11:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/23 11:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/07/23 11:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/07/23 11:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/07/23 11:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/07/23 11:59:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/07/23 11:03:47 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/07/23 10:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/07/23 10:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/07/23 10:25:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2011/08/15 14:49:33 | 000,000,512 | ---- | C] () -- C:\Users\LENOVO\Desktop\MBR.dat
[2011/08/14 21:55:45 | 000,222,338 | ---- | C] () -- C:\Users\LENOVO\Desktop\1922Aug.pdf
[2011/08/13 21:57:26 | 000,027,476 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2011/08/12 12:43:42 | 013,631,310 | ---- | C] () -- C:\Users\LENOVO\Desktop\security.rar
[2011/08/10 16:05:05 | 001,928,847 | ---- | C] () -- C:\Users\LENOVO\Desktop\minecraft (2).jar
[2011/08/10 10:25:12 | 000,057,712 | ---- | C] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2011/08/08 20:02:53 | 000,270,142 | ---- | C] () -- C:\Users\LENOVO\Desktop\Minecraft.exe
[2011/08/06 17:39:15 | 001,719,293 | ---- | C] () -- C:\Users\LENOVO\Desktop\Danse Madison.mp3
[2011/08/06 13:27:04 | 000,057,219 | ---- | C] () -- C:\Users\LENOVO\Desktop\264583_2012381183370_1058985308_2258678_8297748_n (1).jpg
[2011/08/06 13:21:33 | 000,470,502 | ---- | C] () -- C:\Users\LENOVO\Documents\Daniel Browning.htm
[2011/05/08 20:50:47 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/08 15:48:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/08 15:48:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/08 15:48:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/08 15:48:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/08 15:48:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/03 22:50:29 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/03 22:50:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/03 22:47:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/15 19:45:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/11/27 14:40:48 | 000,000,042 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\RSBot_Accounts.ini
[2010/09/17 15:09:01 | 000,032,768 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 15:18:08 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/08/26 14:27:44 | 000,007,728 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\d3d9caps.dat
[2010/08/25 19:31:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/05 22:59:02 | 000,605,056 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\wanancsp.dat
[2010/08/05 15:20:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/05 15:01:10 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/08/05 15:01:09 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/05 14:59:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/08/05 14:59:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/08/05 14:59:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/08/05 14:59:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/08/05 14:59:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/08/05 14:59:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/08/05 14:49:40 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/05 14:49:38 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/05 14:49:38 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2010/08/05 14:49:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010/08/05 14:49:37 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/08/05 14:49:37 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010/08/05 14:49:37 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2010/08/05 14:49:37 | 000,000,466 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/08/05 14:22:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/05 14:19:13 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/10/27 02:38:40 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2008/10/27 02:38:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2008/04/08 22:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:43 | 000,313,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,647,914 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,125,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/08/15 20:10:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2011/02/24 13:00:08 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EpicBot
[2011/06/04 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Fireshark Studios, LLC
[2010/11/08 01:58:41 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\gtk-2.0
[2011/06/05 14:52:30 | 000,000,000 | -H-D | M] -- C:\Users\LENOVO\AppData\Roaming\ijjigame
[2010/08/08 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\InterVideo
[2011/03/19 23:23:11 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Lenovo
[2010/09/02 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\ManyCam
[2010/09/09 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\PFStaticIP
[2011/04/29 23:38:28 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Research In Motion
[2011/05/08 19:58:11 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Subversion
[2011/04/13 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TeamViewer
[2011/05/21 23:13:05 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client
[2010/08/05 15:10:21 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/15 02:16:57 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/08/05 14:30:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/08/05 14:30:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/08/05 14:30:41 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/08/05 14:30:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/29 23:40:39 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/29 23:40:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/23 10:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/07/23 12:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

< End of report >

#8
Bismillah

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-15 14:44:10
-----------------------------
14:44:10.367 OS Version: Windows 6.0.6002 Service Pack 2
14:44:10.367 Number of processors: 2 586 0x170A
14:44:10.368 ComputerName: LENOVO-PC UserName: LENOVO
14:45:13.305 Initialize success
14:45:14.966 AVAST engine defs: 11081500
14:45:18.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:18.857 Disk 0 Vendor: WDC_WD16 14.0 Size: 152627MB BusType: 3
14:45:18.878 Disk 0 MBR read successfully
14:45:18.884 Disk 0 MBR scan
14:45:19.269 Disk 0 unknown MBR code
14:45:19.299 Disk 0 scanning sectors +312579760
14:45:20.189 Disk 0 scanning C:\Windows\system32\drivers
14:45:44.373 Service scanning
14:45:51.897 Modules scanning
14:46:12.745 Disk 0 trace - called modules:
14:46:12.764 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
14:46:12.768 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866d99e8]
14:46:12.783 3 CLASSPNP.SYS[887d38b3] -> nt!IofCallDriver -> [0x85b14c60]
14:46:13.112 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8555d028]
14:46:13.786 AVAST engine scan C:\Windows
14:46:35.199 AVAST engine scan C:\Windows\system32
14:48:46.489 AVAST engine scan C:\Windows\system32\drivers
14:48:58.809 AVAST engine scan C:\Users\LENOVO
14:49:33.107 Disk 0 MBR has been saved successfully to "C:\Users\LENOVO\Desktop\MBR.dat"
14:49:33.397 The log file has been saved successfully to "C:\Users\LENOVO\Desktop\aswMBR.txt"

Edited by nortan360, 15 August 2011 - 03:49 PM.


#9
michaelg9

Hello,
Your computer seems clean, but let's verify.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#10
Bismillah

It's got to the point now I can't open Internet Explorer without it crashing, explorer.exe crashes, it's just laggy. MBR check found something..



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 6475WRB
Logical Drives Mask: 0x0005000c

Kernel Drivers (total 182):
0x8284E000 \SystemRoot\system32\ntkrnlpa.exe
0x8281B000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80674000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80682000 \SystemRoot\system32\drivers\acpi.sys
0x806C8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D1000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D9000 \SystemRoot\system32\drivers\pci.sys
0x80700000 \SystemRoot\System32\drivers\partmgr.sys
0x8070F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80712000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8071C000 \SystemRoot\system32\drivers\volmgr.sys
0x8072B000 \SystemRoot\System32\drivers\volmgrx.sys
0x80775000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807A2000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E09000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82EE4000 \SystemRoot\system32\drivers\atapi.sys
0x82EEC000 \SystemRoot\system32\drivers\ataport.SYS
0x82F0A000 \SystemRoot\system32\drivers\msahci.sys
0x82F14000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82F22000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F54000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F64000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x82F7B000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82F85000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88205000 \SystemRoot\system32\drivers\ndis.sys
0x88310000 \SystemRoot\system32\drivers\msrpc.sys
0x8833B000 \SystemRoot\system32\drivers\NETIO.SYS
0x88400000 \SystemRoot\System32\drivers\tcpip.sys
0x884EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8860D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8871D000 \SystemRoot\system32\drivers\volsnap.sys
0x88756000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8875F000 \SystemRoot\System32\Drivers\spldr.sys
0x88767000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x88787000 \SystemRoot\System32\Drivers\mup.sys
0x88796000 \SystemRoot\System32\drivers\ecache.sys
0x887BD000 \SystemRoot\system32\drivers\disk.sys
0x887CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887EF000 \SystemRoot\system32\drivers\crcdisk.sys
0x885E0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885EB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88376000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C806000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8CE04000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D4E8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D588000 \SystemRoot\System32\drivers\watchdog.sys
0x8D594000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8D5A7000 \SystemRoot\system32\DRIVERS\HECI.sys
0x8D5B1000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8D5EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CDA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DA08000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8DD9D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8DDAD000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8DDBB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DDCE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D88D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8DDD9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DDDB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DDE6000 \SystemRoot\system32\drivers\tpm.sys
0x8DDF4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DDF8000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x8DDFD000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8D8C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D8E0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8D8E9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D918000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D959000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D964000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x8D96A000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8D977000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D9A1000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8D9A9000 \SystemRoot\system32\drivers\modem.sys
0x8D9B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88398000 \SystemRoot\system32\DRIVERS\mux.sys
0x8D9CD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D9D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x883E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807B2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807C6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D5F6000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8E00B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8E094000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E0A4000 \SystemRoot\system32\DRIVERS\psadd.sys
0x8E0AB000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x8E0B3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E0B5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E0BF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E0CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E101000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E112000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8E187000 \SystemRoot\system32\drivers\portcls.sys
0x8E1B4000 \SystemRoot\system32\drivers\drmk.sys
0x805B2000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90A0A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90B0C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x9100C000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x9107C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91085000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91095000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x910AB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x910B4000 \SystemRoot\System32\Drivers\Null.SYS
0x910BB000 \SystemRoot\System32\Drivers\Beep.SYS
0x910C2000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x910D1000 \SystemRoot\System32\drivers\vga.sys
0x910DD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910FE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91106000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9110E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91119000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91127000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91130000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91146000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x9114F000 \SystemRoot\system32\DRIVERS\smb.sys
0x91163000 \SystemRoot\system32\drivers\afd.sys
0x911AB000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x911B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x911E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x911EA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9109C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90BC1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x910C8000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x91403000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9143F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91449000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x9144B000 \SystemRoot\system32\drivers\csc.sys
0x914A6000 \SystemRoot\System32\Drivers\dfsc.sys
0x914BD000 \SystemRoot\System32\Drivers\aswSP.SYS
0x91507000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x9157C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88505000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81CD0000 \SystemRoot\System32\win32k.sys
0x91589000 \SystemRoot\System32\drivers\Dxapi.sys
0x91593000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81EF0000 \SystemRoot\System32\TSDDD.dll
0x915A2000 \SystemRoot\system32\drivers\luafv.sys
0x915BD000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x915F5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x91000000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0x90BD4000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x915F8000 \SystemRoot\System32\DLA\DLADResM.SYS
0x90BDF000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x915F9000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x915FE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x90BF7000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x90A00000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x8E1D9000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x807DB000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAFA09000 \SystemRoot\system32\drivers\spsys.sys
0xAFAB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAFAC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAFAF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAFAFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAFB10000 \SystemRoot\system32\drivers\HTTP.sys
0xAFB7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAFB9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAFBB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAFBC8000 \SystemRoot\system32\drivers\mrxdav.sys
0xB1A03000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1A22000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB1A5B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB1A73000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB1A9B000 \SystemRoot\System32\DRIVERS\srv.sys
0xB1B02000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB1B06000 \SystemRoot\system32\drivers\peauth.sys
0xB1BE4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB1BEE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB1AEA000 \??\C:\Program Files\Free Ride Games\X4HSEx.Sys
0xAFBE9000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x81F20000 \SystemRoot\System32\cdd.dll
0xBC008000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77A80000 \Windows\System32\ntdll.dll

Processes (total 109):
0 System Idle Process
4 System
528 C:\Windows\System32\smss.exe
644 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
856 C:\Windows\System32\winlogon.exe
928 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\DTS.exe
1024 C:\Windows\System32\ibmpmsvc.exe
1056 C:\Windows\System32\AtService.exe
1116 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\audiodg.exe
1476 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\SLsvc.exe
1588 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\svchost.exe
1864 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1872 C:\Windows\System32\wlanext.exe
344 C:\Windows\System32\spoolsv.exe
340 C:\Windows\System32\svchost.exe
2208 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2232 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
2272 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2316 C:\Program Files\Bonjour\mDNSResponder.exe
2340 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2444 C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
2480 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2612 C:\Windows\System32\svchost.exe
2628 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
2648 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2684 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2756 C:\Windows\System32\svchost.exe
2796 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
2836 C:\Windows\System32\svchost.exe
2860 C:\Windows\System32\SearchIndexer.exe
2924 C:\Windows\System32\drivers\XAudio.exe
2956 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
3156 C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
3420 WmiPrvSE.exe
3872 C:\Windows\System32\dwm.exe
1556 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
1692 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
2488 C:\Windows\System32\TpShocks.exe
2792 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2852 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
952 C:\Windows\System32\igfxpers.exe
3304 C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
384 C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
460 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3888 C:\Windows\System32\Ati2evxx.exe
3932 C:\Windows\System32\Ati2evxx.exe
3624 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2600 C:\Windows\System32\mobsync.exe
768 C:\Windows\System32\rundll32.exe
3800 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
3004 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
3404 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
1284 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
1216 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
3036 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1264 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
372 C:\Program Files\Real\RealPlayer\Update\realsched.exe
3328 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
2192 C:\Program Files\Windows Media Player\wmpnscfg.exe
408 C:\Program Files\Digital Line Detect\DLG.exe
3860 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
4256 C:\Program Files\Windows Media Player\wmpnetwk.exe
5088 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5372 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5468 C:\Program Files\iPod\bin\iPodService.exe
5728 C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
5768 C:\Windows\System32\svchost.exe
5944 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
4284 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
4300 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
380 C:\Windows\System32\TPHDEXLG.exe
1576 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
4364 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
4400 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
3752 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4728 C:\Program Files\Windows Live\Contacts\wlcomm.exe
4632 C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
6064 C:\Windows\System32\taskmgr.exe
5996 C:\Windows\System32\VSSVC.exe
5232 C:\Program Files\Internet Explorer\iexplore.exe
5856 C:\Program Files\Internet Explorer\iexplore.exe
2788 C:\Program Files\Internet Explorer\iexplore.exe
3268 C:\Windows\System32\svchost.exe
5040 C:\Windows\System32\taskeng.exe
5436 MpCmdRun.exe
4312 C:\Windows\explorer.exe
4340 C:\Windows\servicing\TrustedInstaller.exe
4664 C:\Windows\System32\wuauclt.exe
3704 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
3464 C:\Windows\System32\igfxsrvc.exe
2428 C:\Windows\System32\SearchProtocolHost.exe
4668 C:\Windows\System32\SearchFilterHost.exe
4744 C:\Windows\System32\SearchProtocolHost.exe
4496 dllhost.exe
376 dllhost.exe
5524 C:\Users\LENOVO\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x0000001f`e4200000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 54B2EF8DE3BAA3E396B0FB8676C365FBA3DCA8BC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#11
Bismillah

    Member

  • Topic Starter
  • Member
  • 514 posts
Also

0xB1AEA000 \??\C:\Program Files\Free Ride Games\X4HSEx.Sys



Free Ride Games

Could you produce an OTL delete to remove the folder for me please :)


Also, from looking back at my OTL log, could you tell me what this browser helper object is?

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found

From searching the CLSID, it comes back with no results.

Edited by nortan360, 16 August 2011 - 08:32 AM.


#12
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Can you zip that file:
C:\Users\LENOVO\Desktop\MBR.dat
and upload it here? You must zip it before uploading it, otherwise you won't be able to upload it.


Next:

Before deleting this folder and its driver, please uninstall the following program:
Free Ride Games


Next:

Open OTL and click the None button.
Under Extra Registry, select Use SafeList.
Click the Run Scan button.
A log called Extras.txt should be produced. Please paste its contents here.

#13
Bismillah

    Member

  • Topic Starter
  • Member
  • 514 posts
It won't let me attach it, so I have uploaded it to MediaFire.
I have archived it in .rar

http://www.mediafire...ub9l4oalxo2kya4

#14
Bismillah

    Member

  • Topic Starter
  • Member
  • 514 posts
OTL Extras logfile created on: 16/08/2011 17:26:50 - Run 4
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\LENOVO\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.90 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 30.57% Memory free
4.03 Gb Paging File | 2.39 Gb Available in Paging File | 59.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.10 Gb Total Space | 30.38 Gb Free Space | 24.09% Space Free | Partition Type: NTFS
Drive Q: | 21.49 Gb Total Space | 15.98 Gb Free Space | 74.38% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.08% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E10263-1297-476B-89D7-C521B6E1A740}" = lport=137 | protocol=17 | dir=in | app=system |
"{21B2EBC2-F171-4D18-B257-D6720AC44DDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{256C6FEB-BCB9-4D33-ACE6-66CC7FB626A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{27471830-068F-4C4D-B901-F470888D3B74}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C5C9D1A-86A2-46FE-A3FA-325081CCC58D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2E6DBF92-F6C9-46B8-AF59-BC7726FD0D6F}" = lport=43594 | protocol=6 | dir=in | name=swscape.no-ip.org |
"{30E59034-2DE5-4281-A5CF-4831E4A9699E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39044C18-86E1-47AC-89EF-2C84268288BA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{391BED42-08C5-4A36-81B5-D6818C894AF9}" = rport=137 | protocol=17 | dir=out | app=system |
"{5178A66A-052E-4A03-9483-869EDEA93A31}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{5BE10410-0B86-4364-AB4B-198BAAE4E90D}" = lport=57575 | protocol=6 | dir=in | name=pando media booster |
"{5E7BD38E-CAFC-482F-AA4A-EE40858E3134}" = rport=445 | protocol=6 | dir=out | app=system |
"{610EDFA8-BAEF-4C03-B365-0A95B8AE175C}" = lport=57575 | protocol=6 | dir=in | name=pando media booster |
"{6567C1D5-BDBB-4274-9489-BEC38B0738AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6AC879D9-0EA8-420C-BF19-2473DAD547FB}" = lport=57575 | protocol=17 | dir=in | name=pando media booster |
"{6E027DEC-50D5-44C4-B0CF-FB016F837FED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{74E84433-5E7F-49EC-8DCE-8E80A804A557}" = lport=49587 | protocol=6 | dir=in | name=akamai netsession interface |
"{75A3A323-66CB-4987-8294-A66DDF9BACAE}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{78EA951D-7435-4E13-A77A-F964DCBA7DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78EA9EF5-A00F-43DB-82E9-ED294D0ED3DB}" = lport=57575 | protocol=17 | dir=in | name=pando media booster |
"{7C7DDD45-898C-48CA-8553-389EB5651CC1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{922341DD-F548-4DFA-81DE-970591797FC7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{94E5822F-651E-425A-8790-86C464EFFA26}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96871178-11DA-4D99-BED8-5B8908D7E0B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0F80BC9-C947-4E78-BB0D-9BF55BAD7489}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8825AFA-ABAE-45AA-9612-3908A818EDA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1588921-2E17-42B9-B725-11891B976243}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{B3FC28EB-35A3-4E71-9280-E7B225D47071}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B45E266D-2B08-45BE-A06C-7124BF5F697F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{BDF0DFDC-FB14-4B76-9BC9-11479FD3491D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BEA188E9-8C3B-4B56-9459-DF040634104A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D58E1362-AFBF-4106-B60D-46CA090C4C77}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F5B9B7DC-5F7D-423F-8B82-DE56BF959CB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC614984-22A5-4723-9C36-1CAFCF1D459A}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0700133B-52A5-41EF-A3FB-BFAF846DB06B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0AFEBF64-0694-41A5-8DCD-DFCD0FCC2C31}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CE5AE70-FC18-4688-B27D-2E831AA4CEB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{19387BF8-4743-42FE-9E67-A6419385BBEB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{276CB0FD-E689-45AD-A2B1-9DEA2B28451D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{2A77DFFA-B23B-4E4F-8933-105BC90D5CF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2C62E312-1007-43E1-9A5B-4D7F64CDCFFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{343FB819-FC15-4E93-8913-71A6A61E5401}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{361D34D6-AF6C-4060-9D3F-C470116A0E51}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ivoqulte\setup-msgplus-501[1].exe |
"{450B69F6-2926-4535-B704-0B4D820DC7A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5136DA43-4FA9-4E8A-9B78-5CF66B47741F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5EBE6BB3-5385-45C4-9751-BE4DB3ED41CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{60D22485-9E3D-4B74-BAA7-C32894C46F29}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\local\microsoft\windows\temporary internet files\content.ie5\ivoqulte\setup-msgplus-501[1].exe |
"{61FAC299-C882-4C2C-958E-B68C0B641AA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62930958-F20C-4DD0-844D-4BEA9EA35E74}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6BAA21AA-C6CE-4EEB-8F1C-4691DA313C88}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{77552DD5-8E79-4653-95F7-9E26A27A50BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{777D462F-596A-4F82-BEFA-A98B5D01ECB1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{7EE48DAB-15E7-480D-A88E-10686E40C271}" = protocol=58 | dir=in | [email protected],-28545 |
"{86DD0301-BC92-469D-891D-6E88E219442E}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{86E63D18-EC78-48B5-BA23-48DD14A696A3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{885D8DF0-6205-4374-B7BC-DEACA8F2A9A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{8F22B356-646D-4E75-85F0-C6FA62E18A46}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{8FBC55EE-A1D5-40FB-AC09-F5FB61B4A06D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{9A8E0563-416F-4A65-8D37-CD399D8CBE90}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9DA5508F-2847-45EC-BC4B-C5280FB30F73}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A08FD582-C997-43CD-9E28-3734576C6040}" = protocol=58 | dir=out | [email protected],-28546 |
"{AE96CC19-D182-4B36-B3CA-44FE3FE1350B}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{BDE10E61-1428-4596-89A5-CB9D0013435A}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C6B7B682-B84A-4B0B-9A12-830C69323528}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{D0F1A529-842E-4F2A-8574-BDCBD20131A3}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{D456DFAF-EFDF-4D40-8C84-B1EFBDEE85FC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA201C3C-6069-4AD5-84D1-481CF9B7D5DD}" = protocol=1 | dir=in | [email protected],-28543 |
"{DAD4E975-4BF0-4529-A370-86E15A49EA83}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E4850002-D08B-4487-9722-A8274FCC8844}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{E6325377-EF7F-4B2B-A538-4777E9BB9293}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E7A69F0A-86BC-406E-B399-8798CA1DBB07}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E7FDD2AF-C0DE-4F47-A68F-942BE083A37D}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{EBAA3DBF-69AD-4146-9011-CB40CBFDD317}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F03D91A1-BC1B-4E59-A19E-B45D1B7AF677}" = protocol=1 | dir=out | [email protected],-28544 |
"{F2C0CA97-8CA4-4C90-A45B-20FF8630E4E6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{F5FE53DD-BF66-4C6F-800D-4E57EEDB6B73}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F73950FE-E876-44F3-BBF1-19B06098C83E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FE37C394-7151-4949-873B-E098CB8F6760}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{05DC791A-284C-461E-B26B-7A2D87C074DB}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"TCP Query User{1F041277-8F02-4368-BAFF-9B1022BD0649}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{244D5EF7-68CC-42B8-8526-49674288680D}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe |
"TCP Query User{295E2B8D-08A0-4225-BC37-6643DF5B52BA}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{3D2B2BDB-B749-4581-9F10-51E8D58CFD30}C:\program files\net tools\fastftpclient.exe" = protocol=6 | dir=in | app=c:\program files\net tools\fastftpclient.exe |
"TCP Query User{49153710-D820-4118-8A4C-66B3237D15A6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5CCAA8F4-E289-4966-A690-63ABA8A46D8D}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe |
"TCP Query User{5F7C276E-2767-4D6A-9215-ECE7CE812B78}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"TCP Query User{71EE5921-2C48-44AB-AC63-AA2DA669286A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{7DDBAB78-B9B1-4D03-9239-0CC914E980FC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{82856A8F-7D76-4947-9B40-203A77B2AAF0}C:\program files\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files\net tools\nettools5.exe |
"TCP Query User{93C7E2EB-1465-4B72-ACC6-D1F24AA6D48B}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{96E86FF6-61E0-4023-9632-6081F9D32835}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A54694BB-93A5-4F1D-BD24-F26831E443FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B613B745-A8D3-47B9-9C99-CECF7752E994}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{BA8983E9-E7C0-4A3C-B62F-4076D3C950A4}C:\users\lenovo\desktop\twlan\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\twlan\apache\bin\httpd.exe |
"TCP Query User{C3BE0646-BCC7-4150-9346-928A46CE1F5F}C:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe |
"TCP Query User{C63E77A8-792A-460A-96CD-5A4C8897494F}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe |
"TCP Query User{C95D235D-9B0F-45D5-8ADA-1ED0D4472000}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{D47B7EE5-3934-4CD4-B658-BFD79DF79107}C:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe |
"TCP Query User{D680B5CD-CCE5-43F9-B0BA-EDF4601A681D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DA5FC8AB-9010-4B65-BE0B-DE16EEF93648}C:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe |
"TCP Query User{F26B82D2-F736-4A06-A803-563D789CF147}C:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe |
"TCP Query User{F48F1DA2-9E9F-4C9B-8678-EF37B3691DB1}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe |
"UDP Query User{03BC286A-0BE9-433B-AC95-D757024857FF}C:\users\lenovo\desktop\twlan\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\twlan\apache\bin\httpd.exe |
"UDP Query User{17533472-8C8E-4F57-A3E5-1E805E4BA19A}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{178E74C9-F5D9-493E-A3D0-FC5C03DC15A3}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{25C3BC54-D76C-4F44-9E06-5EBABAF05A35}C:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\habluxrp beta rel 2\hablux rp beta rel 2.exe |
"UDP Query User{398AE55C-1ED7-4304-8EF3-6BA804F5278E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3DA1A22B-D765-4CEF-9FFE-D1DC8C99D27F}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.vshost.exe |
"UDP Query User{4315B022-70F5-49A0-91AB-8B0A561DC96B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{45626900-5098-45E3-8D64-F7D38DBA9929}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4F4B0964-4C6C-480D-BAA6-767DE3785D7D}C:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\bloodline v3 se\bloodline v3 se.exe |
"UDP Query User{52D775C1-3CCD-412E-8760-DFF48F5FF2A8}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{583EA1C6-18F4-418C-8AC8-8E6AE0026676}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\apache\bin\apache.exe |
"UDP Query User{5B1C0578-2275-4439-9547-883D0ABF364D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{5B6A4D74-A91E-4900-9AFF-3E08CFB8786C}C:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\twlan\mysql\bin\mysqld.exe |
"UDP Query User{695B1699-A248-4B33-B42F-419C1D24EFBF}C:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\triburileserver\www.howcandothis.com\mysql\bin\mysqld.exe |
"UDP Query User{6BCBD31F-C862-4E8B-8F0C-B9FD84ABA091}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{7856B75F-EEDD-4B63-9BE9-00BE244C8D10}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"UDP Query User{7BB7B439-B39C-4729-8806-A9DCEA74B427}C:\program files\net tools\fastftpclient.exe" = protocol=17 | dir=in | app=c:\program files\net tools\fastftpclient.exe |
"UDP Query User{934B7859-65E9-4034-AA5C-44E22C737364}C:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\debbo v3.5\debbo v3.5.exe |
"UDP Query User{9A562150-3F1F-4835-8B78-36ACCDEF7EB6}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{9D25BD1A-F0EC-4A97-AAE0-47FB653FA394}C:\program files\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{AEA50C1C-4393-4205-8B09-39BCC26F8C8E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{BDA8AE89-E8F3-450F-91AB-9A7074923B9C}C:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\holograph emulator\bin\debug\holograph emulator.exe |
"UDP Query User{D247616E-241D-4894-A324-0E904BA2CFBB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F157B8A8-6B39-447F-A253-EDECE4F0E195}C:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\mess-mania v8.0\mess-mania v8.0.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052E244C-3674-8907-D9C3-092C89521B94}" = Catalyst Control Center Localization Korean
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel® PROSet/Wireless WiFi Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C7DE40E-7C89-4AFB-B744-846F1B582B71}" = SBITS
"{10F90FAD-6627-7113-86AE-C243C74F0DEF}" = CCC Help German
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1" = Manic Digger
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1433371A-F983-9562-3947-92420A72849D}" = Catalyst Control Center Graphics Previews Vista
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22266E88-29AF-8D27-F85F-DD75D76E4AE2}" = Catalyst Control Center Localization German
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23146B80-2B64-023D-0696-A753E5C45FB4}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3752F72E-A481-41C7-256B-C20D7BFBE3BC}" = CCC Help English
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{433894BE-54BF-CC72-2147-14EA837ADC87}" = CCC Help Portuguese
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52F58309-1687-0C82-699A-27D9029B9429}" = CCC Help Spanish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADC5DFC-24AA-D4E1-478A-5CD6337F8051}" = Catalyst Control Center Localization Italian
"{6B00B854-F04B-5C6A-63C5-21B9EF8CE3CF}" = CCC Help French
"{6F206B58-E2F7-4A70-ACAC-8E0ABFBC62F6}" = MySQL Connector/ODBC 5.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771C80E2-7A02-D773-96C3-155F217CD02A}" = CCC Help Japanese
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B647582-EE62-8275-9D76-15692741C585}" = Catalyst Control Center Localization Chinese Traditional
"{7B64FC21-1526-4471-9F37-A81B55D1202D}" = SmartFTP Client
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{821456F8-EB18-41A8-DED5-695096B7D9D6}" = Catalyst Control Center Localization Chinese Standard
"{8220C00D-CBA1-AB41-1A66-7B99FAEF65F9}" = ATI Catalyst Install Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACB5112-A58B-7283-B771-6271A0D9471D}" = Catalyst Control Center Core Implementation
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EBBED54-C2D0-928A-7CA9-D28FAD39C4B6}" = CCC Help Korean
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94B1AD86-8764-8853-F4BB-7F92D5E94AA3}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B14495A-E66F-3D68-3B03-D40A6862D6D7}" = ccc-utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A1928ACA-FAB4-4122-86F2-E7C7949EE22E}" = TortoiseSVN 1.6.15.21042 (32 bit)
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A7EE37A9-367B-651F-9F4A-0BDE35D7417F}" = CCC Help Chinese Standard
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE2832A3-8108-F2BF-7086-BE66D29106E7}" = Catalyst Control Center Graphics Light
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA0B7C1F-5315-50C4-1EE9-FFA688A28C74}" = Catalyst Control Center Localization Spanish
"{BAAC402D-86A7-3918-4A24-7C8E83AE1756}" = CCC Help Swedish
"{BBDD2E21-F74F-FE49-956D-13FB1999DC28}" = CCC Help Italian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF1ECD50-5A11-B18B-4AA0-20E41E7C20F7}" = Catalyst Control Center Localization Japanese
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{C7EE261A-06E9-402D-B504-9967F8FC6F0C}" = Mobile Broadband Connect
"{C945C17F-2E78-4511-ABB6-EF637D2EE8FB}" = Skins
"{CCCF9048-DAFD-F1F5-B860-9B5C32FBD2D6}" = Catalyst Control Center Localization Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103AD9D-4DA4-48D5-A583-BCF3402A62C1}" = Blockyard
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E2ACDD92-7A9F-FCE8-2452-8A660792038E}" = CCC Help Chinese Traditional
"{E4CB66D5-C29E-9612-5E32-6807E91A82CD}" = Catalyst Control Center Localization Swedish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EA5AB32C-970E-D7C4-C896-1C927FB3E384}" = Catalyst Control Center Localization Dutch
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9230D65-8EED-B6DD-F9FB-8AEFDE06579C}" = Catalyst Control Center Localization French
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FAA034EC-DB6A-A753-5DCE-DD7D75EDEA8E}" = ccc-core-static
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF878914-1DDC-44E2-92F6-69DE291DDCA7}" = CCC Help Dutch
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"ATI Uninstaller" = ATI Uninstaller
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"DMX5_is1" = DriverMax 5
"DSXploder" = NDS Xploder Gamesaves
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"EditPad Lite" = Just Great Software EditPad Lite 6.7.1
"EpicBot" = EpicBot
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FileHippo.com" = FileHippo.com Update Checker
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HECI" = Intel® Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JCreator Pro_is1" = JCreator Pro 3.50
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MySQL Connector/Net_is1" = MySQL Connector/Net 5.0.8
"NoIPDUC" = No-IP DUC
"OnScreenDisplay" = On Screen Display
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"SAM3" = SAM Broadcaster v4
"SaveVid Plug-in" = SaveVid Plug-in
"Shockwave" = Shockwave
"ShortKeys Lite" = ShortKeys Lite
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Steam App 25800" = Europa Universalis III
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"The Hat_is1" = The Hat 2.3
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder 4.1.3.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for LENOVO
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Wurm Online 2.7.5g" = Wurm Online 2.7.5g

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15
Bismillah
  • Topic Starter
  • Member
  • 514 posts
Also, would you recommend the program 'RegClean Pro'?

It ran and it gave me 880 registry errors.