gameflakeSA.exe virus - Help removing and cleaning PC [Solved]


  • This topic is locked

#1
KLM56

  • Member
  • 20 posts
Hi, I woke up this morning to find that I had this virus on my computer. In my task manager, there is a gameflakeSA.exe startup item. I am assuming it's a virus. I keep getting pop-up ads.

I will be grateful for any help.

Thanks

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first I will need to look at the system.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
KLM56

  • Topic Starter
  • Member
  • 20 posts
Hi, I tried to clean it up before you responded, but below are the logs you requested. An Extras.txt file was not generated.

OTL logfile created on: 1/1/2013 11:24:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CHINABOY\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.90% Memory free
6.00 Gb Paging File | 3.80 Gb Available in Paging File | 63.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 286.86 Gb Total Space | 95.47 Gb Free Space | 33.28% Space Free | Partition Type: NTFS
Drive G: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF1.50
Drive I: | 930.86 Gb Total Space | 624.17 Gb Free Space | 67.05% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.64 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.52 Gb Free Space | 35.64% Space Free | Partition Type: NTFS

Computer Name: CHINABOY-LENOVO | User Name: CHINABOY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2013/01/01 11:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\CHINABOY\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2012/11/29 18:06:06 | 000,701,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
PRC - [2012/11/09 23:23:32 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_062bdf1d989801d0\TiWorker.exe
PRC - [2012/11/07 23:45:20 | 000,770,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2012/10/26 12:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\CHINABOY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/10/23 10:10:40 | 001,084,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Password Manager\password_manager.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/21 12:50:26 | 000,057,704 | ---- | M] (Authentec Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2012/09/20 19:44:06 | 000,186,248 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2012/09/07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012/07/25 23:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2012/07/25 23:17:18 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2012/07/25 23:17:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2012/07/25 23:17:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2012/07/25 23:17:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/25 22:31:20 | 000,023,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinStore\WSHost.exe
PRC - [2012/07/25 22:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2012/07/25 22:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2012/07/25 22:21:03 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe
PRC - [2012/07/25 22:21:03 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2012/07/25 22:21:02 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2012/07/25 22:21:02 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2012/07/25 22:21:02 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
PRC - [2012/07/25 22:21:01 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2012/07/25 22:21:01 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2012/07/25 22:20:59 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2012/07/25 22:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/07/25 22:20:59 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2012/07/25 22:20:58 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2012/07/25 22:20:55 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2012/07/25 22:20:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2012/07/25 22:20:45 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2012/07/25 22:20:44 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/25 22:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012/05/16 05:32:00 | 000,476,256 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2012/05/16 05:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/04/17 18:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2012/04/17 18:20:36 | 000,498,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/04/17 18:20:32 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2012/03/08 11:19:40 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2012/03/01 10:35:18 | 000,509,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/08/12 13:42:50 | 000,648,744 | R--- | M] (Ericsson AB) -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2011/07/12 18:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/07/12 10:20:50 | 000,387,944 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/19 07:22:21 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/06/10 12:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2011/05/25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/12/10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010/12/10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010/11/17 15:38:50 | 000,628,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/04/22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/04/22 23:16:04 | 001,725,736 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2010/04/22 23:16:04 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/28 16:47:00 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/08/15 09:52:54 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/15 16:00:42 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
PRC - [2009/04/15 15:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
PRC - [2009/04/15 14:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
PRC - [2009/02/13 15:39:02 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
PRC - [2009/02/13 14:45:54 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
PRC - [2008/05/14 04:36:36 | 000,036,128 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/18 01:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\Drivers\XAudio.exe
PRC - [2007/09/28 15:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
PRC - [2007/09/07 08:41:50 | 000,053,248 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/12 23:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\System32\brss01a.exe
PRC - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\System32\brsvc01a.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 05:32:00 | 000,101,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2012/05/16 05:32:00 | 000,083,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2007/03/09 18:16:52 | 000,106,496 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll


========== Services (SafeList) ==========

SRV - [2012/12/30 02:02:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/11/17 18:15:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012/07/25 23:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/25 22:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/25 22:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/25 22:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/25 22:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/25 22:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/25 22:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/25 22:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 22:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/25 22:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/25 22:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/25 22:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/25 22:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/25 22:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/25 22:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/25 22:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 22:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/25 22:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/25 22:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/25 22:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/25 22:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/25 22:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/25 22:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/05/16 05:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 05:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/04/17 18:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012/04/17 18:20:42 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012/04/17 18:20:36 | 000,498,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/04/17 18:20:32 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012/04/13 17:09:02 | 005,259,048 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2012/03/08 11:19:40 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/03/01 10:35:18 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/05 16:15:14 | 003,002,192 | ---- | M] (Conceiva Pty. Ltd.) [On_Demand | Stopped] -- C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe -- (Mezzmo)
SRV - [2011/08/12 13:42:50 | 000,648,744 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/19 07:22:21 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/06/10 12:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/11/17 15:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/24 04:08:22 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/09/24 04:08:08 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/09/24 04:02:26 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/09/24 04:02:16 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/09/24 04:01:04 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/04/15 16:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2009/02/13 15:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/02/13 14:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/24 17:28:20 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/28 15:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe -- (DDNIOEMService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2012/12/08 03:01:04 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\gfibto.sys -- (gfibto)
DRV - [2012/09/19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/09/06 10:49:06 | 000,020,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2012/07/25 23:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/25 22:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/25 22:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/25 22:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/25 22:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/25 22:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/25 22:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/25 22:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/25 22:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/25 22:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/25 22:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/25 22:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/25 22:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/25 22:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/25 22:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/25 22:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/25 22:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/25 22:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/25 22:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/25 22:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/25 22:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/25 22:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/25 22:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/25 22:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/25 22:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/25 22:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/25 22:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/25 22:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/25 22:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/25 22:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/25 22:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/25 21:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/25 21:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/25 21:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/25 21:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/25 21:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/25 21:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/25 21:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/25 21:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/25 21:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/25 21:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/25 21:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/25 21:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/25 21:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/25 21:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/25 21:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/25 21:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/25 21:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/25 21:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/25 21:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/25 21:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/25 21:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/25 21:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/25 21:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/25 21:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/25 21:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/25 21:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/25 21:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/25 21:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/25 21:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/23 11:11:44 | 000,129,384 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ApsX86.sys -- (Shockprf)
DRV - [2012/06/27 21:06:16 | 010,900,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/16 05:32:00 | 000,017,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\Drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/01/23 16:43:06 | 007,523,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/08/12 14:55:04 | 000,232,488 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2011/08/03 22:32:15 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\psadd.sys -- (psadd)
DRV - [2011/07/15 13:13:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/06/27 10:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/06/13 21:58:02 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2011/06/13 21:58:02 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\wwanuss.sys -- (ecnssndis)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/04/29 10:43:24 | 000,419,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2011/04/29 10:43:14 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2011/04/29 10:43:08 | 000,364,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\Drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/01/28 16:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 16:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/01 17:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009/06/04 21:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\PuAcpi32.sys -- (MTsensor32)
DRV - [2008/07/31 02:12:58 | 000,173,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\USBSTK.sys -- (DCamUSBGene)
DRV - [2008/07/14 18:31:06 | 000,378,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvocard.sys -- (lnvocard)
DRV - [2008/07/14 18:31:06 | 000,302,464 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\lnvobus.sys -- (lnvobus)
DRV - [2008/07/10 13:27:30 | 000,072,232 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvogps.sys -- (lnvogps)
DRV - [2008/06/26 14:08:36 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvoscard.sys -- (Sony_EricssonWWSC)
DRV - [2008/06/19 13:03:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/18 18:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/02 02:47:38 | 000,203,776 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/15 19:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 08:38:12 | 000,057,856 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 13:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2548838

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000016eac51682
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2548838
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56929

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SearchAmong"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.searchamo...results.php?q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56929


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\npapi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CHINABOY\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CHINABOY\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\CHINABOY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\firefox [2012/03/10 10:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/27 00:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/01 09:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/01 07:11:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2013/01/01 07:55:04 | 000,000,000 | ---D | M]

[2011/05/30 22:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Extensions
[2012/12/08 03:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions
[2012/10/27 10:37:36 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/11/13 06:12:22 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2012/12/08 03:00:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\[email protected]
[2012/07/21 09:27:31 | 000,000,778 | ---- | M] () -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\searchplugins\SearchAmong.xml
[2013/01/01 08:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/14 21:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 00:25:48 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/11/17 18:15:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/05/27 16:47:18 | 000,002,355 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/02 03:25:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/17 18:15:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Ascendo DataVault (Enabled) = C:\Program Files\DataVault\npapi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\CHINABOY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: ThinkVantage Password Manager = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab\4.10.6_0\
CHR - Extension: DataVault Extension = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.8.1_0\
CHR - Extension: Skype Click to Call = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: WhiteSmoke US New E1 = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocoombckbcnabpaghmokhaapnbngahck\10.13.20.29_0\

O1 HOSTS File: ([2012/11/19 20:10:05 | 000,438,329 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: For Windows 7
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
O1 - Hosts: 127.0.0.1 adobe.tt.omtrdc.net
O1 - Hosts: 127.0.0.1 products.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 15073 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [PasswordManager] C:\Program Files\Lenovo\Password Manager\password_manager.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CHINABOY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Save to DataVault - C:\Program Files\DataVault [2012/03/10 10:12:25 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([gate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([multiview] http in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([myhouse] http in Trusted sites)
O16 - DPF: {001000AF-2DEF-0200-10B6-DC5BA692C858} http://control.x10.com/vidnx.cab (Vidnc Class)
O16 - DPF: {001000AF-2DEF-0202-10B6-DC5BA692C858} http://www.x10.com/s.../X10NetTest.cab (X10NetTest Class)
O16 - DPF: {001000AF-2DEF-0206-10B6-DC5BA692C858} http://gate.x10.com/control/xvidnx.cab (Xvidnc Class)
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} http://site.x10.com/cabs/antx.cab (Antx Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97CD6EBD-E1AC-45BA-863E-8B4BD4E93825}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlueMap1680X1050.jpg
O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlueMap1680X1050.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF1.50 ]
O33 - MountPoints2\{a100c16c-8ca0-11e0-9d9a-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{a100c16c-8ca0-11e0-9d9a-028037ec0200}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009/10/14 16:28:45 | 003,271,968 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: wlidsvc - C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
NetSvcs: SystemEventsBroker - C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs: DsmSvc - C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs: NcaSvc - C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 11:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
[2013/01/01 10:00:40 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\VS Revo Group
[2013/01/01 08:58:05 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\CHINABOY\AppData\Local\log4cxx.dll
[2013/01/01 08:34:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/01/01 08:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\BuzzSocialPointsChecker
[2013/01/01 08:17:24 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\SwvUpdater
[2013/01/01 08:16:47 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\CRE
[2013/01/01 07:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2012/12/31 22:09:11 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Serif
[2012/12/31 21:57:48 | 000,695,648 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/31 21:57:48 | 000,080,736 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/31 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/12/31 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2012/12/31 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012/12/31 16:19:18 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\synceng.dll
[2012/12/31 16:19:14 | 008,854,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twinui.dll
[2012/12/31 16:17:59 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pcadm.dll
[2012/12/31 16:17:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pcalua.exe
[2012/12/31 16:17:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pcaevts.dll
[2012/12/31 16:17:56 | 003,401,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/12/31 16:17:54 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2012/12/31 16:17:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnathlp.dll
[2012/12/31 16:17:54 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2012/12/31 16:17:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2012/12/31 16:17:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2012/12/31 16:17:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2012/12/31 16:17:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2012/12/31 16:17:44 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msmpeg2vdec.dll
[2012/12/31 16:09:38 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\poqexec.exe
[2012/12/31 16:08:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ReAgentc.exe
[2012/12/31 16:07:42 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/31 16:07:41 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\WINDOWS\System32\atmlib.dll
[2012/12/31 16:07:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dciman32.dll
[2012/12/31 16:07:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2012/12/31 16:06:58 | 002,881,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript9.dll
[2012/12/31 16:06:54 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/12/31 16:06:53 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2012/12/31 16:06:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iesysprep.dll
[2012/12/31 16:06:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2012/12/31 16:06:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\UXInit.dll
[2012/12/31 16:06:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/12/31 16:06:53 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/12/31 16:06:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2012/12/31 16:06:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzres.dll
[2012/12/31 16:06:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reseteng.dll
[2012/12/31 16:06:29 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\resetengmig.dll
[2012/12/31 16:06:29 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ReAgent.dll
[2012/12/31 16:06:29 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysreset.exe
[2012/12/30 19:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitemapX
[2012/12/30 19:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\SitemapX
[2012/12/30 08:29:22 | 000,000,000 | ---D | C] -- C:\OSFIXES
[2012/12/30 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Desktop\PDF Samples
[2012/12/30 03:27:59 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/12/30 03:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software
[2012/12/30 03:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Eltima Software
[2012/12/30 01:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2012/12/30 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Packages
[2012/12/30 01:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2012/12/30 01:16:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/12/30 00:40:43 | 000,000,000 | --SD | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\Favorites
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\Desktop
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\Temporary Internet Files
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Templates
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Start Menu
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\SendTo
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Recent
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\PrintHood
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\NetHood
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Videos
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Pictures
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Music
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Local Settings
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\History
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Cookies
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Application Data
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\Application Data
[2012/12/30 00:40:43 | 000,000,000 | -H-D | C] -- C:\Users\CHINABOY\AppData
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Temp
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Microsoft
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/30 00:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2012/12/30 00:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/12/30 00:37:15 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2012/12/30 00:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/12/30 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/12/30 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/12/30 00:21:33 | 000,035,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TsWpfWrp.exe
[2012/12/30 00:21:32 | 000,102,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/12/30 00:21:29 | 000,778,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationNative_v0300.dll
[2012/12/30 00:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/12/29 22:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2012/12/29 16:48:57 | 000,000,000 | RH-D | C] -- C:\ESD
[2012/12/26 07:04:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/12/24 09:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z3X
[2012/12/24 08:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Z3X
[2012/12/21 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Documents\NAA
[2012/12/21 00:21:32 | 000,000,000 | ---D | C] -- C:\android-sdk
[2012/12/20 08:18:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/12/20 06:42:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/12/20 06:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/12/20 06:18:44 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/12/19 08:11:13 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Desktop\Keemo phone
[2012/12/08 03:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/12/08 03:08:09 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\LavasoftStatistics
[2012/12/08 03:01:05 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/12/08 03:01:05 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012/12/08 03:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/12/08 03:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/12/08 03:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/12/08 03:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/08 02:59:45 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Ad-Aware Antivirus
[2012/12/07 03:33:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CHINABOY\Desktop\tdsskiller.exe
[1 C:\Users\CHINABOY\Documents\*.tmp files -> C:\Users\CHINABOY\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 11:33:05 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003UA.job
[2013/01/01 11:22:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 11:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
[2013/01/01 11:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/01 10:22:49 | 000,769,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/01 10:22:49 | 000,151,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/01 10:17:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/01 10:17:36 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/01 10:15:55 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/01/01 10:15:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/01 10:15:27 | 2415,353,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/01 09:43:45 | 000,000,000 | ---- | M] () -- C:\END
[2013/01/01 09:08:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003UA.job
[2013/01/01 08:15:29 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/01 08:14:20 | 000,000,218 | ---- | M] () -- C:\Users\CHINABOY\.recently-used.xbel
[2013/01/01 08:04:04 | 004,071,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 07:55:32 | 000,000,146 | ---- | M] () -- C:\WINDOWS\launchpw.cmd
[2013/01/01 07:55:05 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Delpw32.cmd
[2012/12/31 21:52:39 | 000,169,378 | ---- | M] () -- C:\Users\Public\Documents\Explorer.dmp
[2012/12/31 21:52:39 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/12/31 18:55:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/31 18:08:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003Core.job
[2012/12/31 16:45:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003Core.job
[2012/12/30 03:23:39 | 000,001,440 | ---- | M] () -- C:\Users\CHINABOY\Desktop\Flash Decompiler Trillix.lnk
[2012/12/30 01:38:41 | 000,000,660 | RHS- | M] () -- C:\Users\CHINABOY\ntuser.pol
[2012/12/30 01:15:29 | 000,034,293 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012/12/30 01:15:29 | 000,034,293 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012/12/30 01:15:04 | 000,021,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/12/30 00:38:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WwanUsbMp_01009.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/12/30 00:38:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/12/29 23:16:03 | 000,010,928 | ---- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 23:16:03 | 000,010,928 | ---- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 22:58:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/28 14:16:30 | 005,581,543 | ---- | M] () -- C:\Users\CHINABOY\Documents\Sparkle_Contract.pdf
[2012/12/28 11:45:55 | 000,001,456 | -H-- | M] () -- C:\Users\CHINABOY\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/12/24 09:05:23 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2012/12/23 17:10:35 | 000,001,071 | ---- | M] () -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/23 17:04:42 | 000,001,188 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012/12/16 03:20:01 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\WINDOWS\System32\atmlib.dll
[2012/12/16 02:57:09 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/08 03:01:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/12/08 03:01:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012/12/07 03:33:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CHINABOY\Desktop\tdsskiller.exe
[2012/12/07 03:24:31 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/12/05 09:01:22 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/12/05 09:01:22 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[1 C:\Users\CHINABOY\Documents\*.tmp files -> C:\Users\CHINABOY\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/01 08:58:05 | 000,196,608 | ---- | C] () -- C:\Users\CHINABOY\AppData\Local\common_functions.dll
[2013/01/01 08:16:04 | 000,000,000 | ---- | C] () -- C:\END
[2013/01/01 08:15:29 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/01 08:14:20 | 000,000,218 | ---- | C] () -- C:\Users\CHINABOY\.recently-used.xbel
[2013/01/01 08:03:36 | 004,071,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 07:55:32 | 000,000,146 | ---- | C] () -- C:\WINDOWS\launchpw.cmd
[2013/01/01 07:55:05 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Delpw32.cmd
[2012/12/31 21:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/12/31 21:52:38 | 000,169,378 | ---- | C] () -- C:\Users\Public\Documents\Explorer.dmp
[2012/12/31 21:46:26 | 000,002,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X5.lnk
[2012/12/31 18:55:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/30 03:23:39 | 000,001,440 | ---- | C] () -- C:\Users\CHINABOY\Desktop\Flash Decompiler Trillix.lnk
[2012/12/30 01:40:18 | 000,001,440 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/30 01:38:41 | 000,000,660 | RHS- | C] () -- C:\Users\CHINABOY\ntuser.pol
[2012/12/30 00:43:59 | 000,034,293 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012/12/30 00:43:59 | 000,034,293 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2012/12/30 00:40:43 | 000,000,352 | ---- | C] () -- C:\Users\CHINABOY\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/30 00:40:43 | 000,000,334 | ---- | C] () -- C:\Users\CHINABOY\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/12/30 00:38:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WwanUsbMp_01009.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/12/30 00:38:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/12/30 00:29:54 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2012/12/28 14:16:30 | 005,581,543 | ---- | C] () -- C:\Users\CHINABOY\Documents\Sparkle_Contract.pdf
[2012/12/24 09:05:23 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2012/12/23 17:04:42 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Users\CHINABOY\AppData\Local\ie_runner_app.exe
[2012/11/22 18:58:48 | 000,001,041 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\vso_ts_preview.xml
[2012/11/12 12:28:29 | 000,001,456 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/10/27 10:00:29 | 000,000,132 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/10/21 06:25:55 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/07/26 01:55:27 | 000,769,030 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/26 01:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/26 01:55:27 | 000,151,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/26 01:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/26 01:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/26 01:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012/07/26 01:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 20:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012/07/25 15:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 15:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012/07/20 05:37:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2012/07/20 05:37:21 | 000,000,578 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/07/20 05:37:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/07/20 05:35:30 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/07/20 05:35:30 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/07/20 05:35:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2012/07/20 05:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/07/20 05:29:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/07/13 21:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/06/11 20:51:28 | 000,000,132 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/06/02 15:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012/06/02 09:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/03/08 18:55:08 | 000,563,664 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\wanancsp.dat
[2012/02/12 13:40:33 | 000,002,949 | ---- | C] () -- C:\Users\CHINABOY\.TransferManager.db
[2012/02/09 19:59:19 | 000,220,496 | ---- | C] () -- C:\WINDOWS\hpoins19.dat
[2012/02/09 19:59:19 | 000,013,898 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat
[2012/02/09 11:47:24 | 000,034,336 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2012/02/04 00:28:13 | 000,000,000 | ---- | C] () -- C:\Users\CHINABOY\.gtk-bookmarks
[2012/01/26 09:40:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012/01/25 19:22:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/01/25 19:21:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/01/25 19:21:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/12/29 07:13:48 | 000,007,611 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\Resmon.ResmonCfg
[2011/12/14 22:19:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/14 22:19:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/14 22:19:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/14 22:19:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/14 22:19:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/11/17 19:43:12 | 000,000,043 | ---- | C] () -- C:\WINDOWS\MezzmoMediaServer.INI
[2011/10/15 19:31:48 | 000,000,000 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\{CB6F9CD2-4308-4154-B6C5-F3772D7D24AD}
[2011/07/22 14:19:20 | 000,036,575 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/06/18 07:10:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
[2011/06/16 21:09:00 | 000,007,887 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\pcouffin.cat
[2011/06/16 21:09:00 | 000,001,144 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\pcouffin.inf
[2011/06/12 16:07:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/06/05 17:27:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/05 17:27:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/02 22:59:33 | 000,000,096 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\fusioncache.dat
[2011/06/01 22:43:15 | 000,000,227 | ---- | C] () -- C:\ProgramData\tvt_userinfo.ini
[2011/06/01 18:12:41 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/06/01 17:58:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/30 18:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/30 17:46:46 | 000,013,312 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 15:26:00 | 000,014,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PuAcpi32.sys
[2011/05/30 15:07:15 | 000,035,265 | R--- | C] () -- C:\WINDOWS\ConnectionProfiles.dat
[2011/05/30 12:38:26 | 000,021,412 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 22:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/25 22:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2012/07/25 22:17:50 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2012/07/25 22:17:52 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2012/07/25 22:20:42 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2012/07/25 22:19:47 | 000,630,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2012/07/25 22:18:01 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012/07/25 22:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 22:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/25 22:18:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/07/25 22:18:10 | 000,051,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2012/07/25 22:19:51 | 000,656,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2012/07/25 22:18:18 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2012/07/25 22:18:20 | 000,160,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2012/07/25 22:18:24 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2012/07/25 22:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2012/07/25 22:18:44 | 000,392,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2012/07/25 22:18:44 | 000,370,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2012/07/25 22:20:04 | 000,404,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2012/07/25 22:19:04 | 000,060,928 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2012/07/25 22:19:22 | 000,199,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2012/07/25 22:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/25 22:19:24 | 000,286,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2012/07/25 23:17:16 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2012/07/25 22:20:10 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/07/25 22:20:58 | 000,496,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV - [2012/07/25 22:19:48 | 000,087,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2012/07/25 22:19:48 | 000,302,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2012/07/25 22:19:51 | 000,656,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2012/07/25 22:19:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012/07/25 23:17:16 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2012/07/25 22:20:38 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2012/07/25 22:20:03 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2012/07/25 22:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2012/07/25 22:19:52 | 000,942,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2012/07/25 22:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/25 22:20:06 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/07/25 22:19:45 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2012/07/25 22:21:00 | 001,150,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2012/07/25 22:17:58 | 000,596,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2012/07/25 22:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/25 22:19:53 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2012/07/25 22:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/25 22:20:18 | 001,372,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (EventLog)
SRV - [2012/07/25 22:19:05 | 000,699,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2012/07/25 22:20:19 | 000,472,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2012/07/25 22:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (msiserver)
SRV - [2012/07/25 22:20:32 | 000,166,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (winmgmt)
SRV - [2012/07/25 22:20:40 | 002,704,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2012/07/25 22:18:21 | 000,211,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2012/07/25 22:20:30 | 001,203,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (WlanSvc)
SRV - [2012/07/25 22:20:28 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\explorer.exe
[2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\x86_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_4e5fb2f34b233380\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2012/07/25 23:17:20 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\$WINDOWS.~BT\Windows\System32\Drivers\etc\services
[2012/07/25 23:17:16 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_31eaa9573678b6f3\services
[2009/06/10 16:39:37 | 000,017,463 | R--- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2012/07/25 23:17:20 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\Drivers\etc\services
[2012/07/25 23:17:16 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\x86_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_31eaa9573678b6f3\services

< MD5 for: SERVICES.AIP >
[2012/03/29 19:35:50 | 000,375,952 | ---- | M] (Adobe Systems Incorporated) MD5=5965DFD83E10938A579952EB58C10298 -- C:\Program Files\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2012/09/23 20:44:02 | 000,002,648 | ---- | M] () MD5=0865ABFC40AE2C730EF33F0E29C2C780 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012/09/23 20:43:52 | 000,002,588 | ---- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
[2012/09/23 20:43:44 | 000,002,677 | ---- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
[2012/09/23 20:43:54 | 000,002,619 | ---- | M] () MD5=2468CEF75419234DCA72F892392DFB6C -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012/09/23 20:43:50 | 000,002,525 | ---- | M] () MD5=34EB1E120DAE2C8346BA3747D562355B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\da_DK\Services\Services.asfx
[2012/09/23 20:43:44 | 000,002,851 | ---- | M] () MD5=364469E5C8724EB95F2E142438C8CECF -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/09/23 20:43:48 | 000,002,556 | ---- | M] () MD5=3BE849A0D8DEEF6E14BEC19D565A965D -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sv_SE\Services\Services.asfx
[2012/09/23 20:43:50 | 000,002,577 | ---- | M] () MD5=4160D76537EB300F681419BEA7589192 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012/09/23 20:43:58 | 000,002,601 | ---- | M] () MD5=4E7A75C5564D7E08200E3B7F656BF227 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012/09/23 20:43:56 | 000,002,760 | ---- | M] () MD5=69BCCC8BA799AD320C723B14DAE327EB -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012/09/23 20:44:02 | 000,003,264 | ---- | M] () MD5=6A3669AC3D692776A76DB4C513B73718 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012/09/23 20:44:06 | 000,002,497 | ---- | M] () MD5=6ECF361623A3B738642C61790DF3BF73 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012/09/23 20:43:46 | 000,002,533 | ---- | M] () MD5=72E505C96C0A40BE1DFD0F5FB982F527 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\it_IT\Services\Services.asfx
[2012/09/23 20:43:58 | 000,003,374 | ---- | M] () MD5=7DE29C93BAEEB470EE77CF5C1B1C03A1 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ru_RU\Services\Services.asfx
[2012/07/27 15:51:52 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2012/09/23 20:43:52 | 000,002,653 | ---- | M] () MD5=881E2DDB014FD5D09B84AA45F2E86077 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012/09/23 20:43:48 | 000,002,628 | ---- | M] () MD5=8A84C89E1D2A0916D4464D5AD46FB8AC -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012/09/23 20:44:02 | 000,002,539 | ---- | M] () MD5=8DEA878E25C893461D45C8974160B559 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sl_SI\Services\Services.asfx
[2012/09/23 20:43:42 | 000,002,616 | ---- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/09/23 20:44:00 | 000,002,516 | ---- | M] () MD5=9B850C525959D9F53CD576DEF11F6ED4 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012/09/23 20:44:04 | 000,002,640 | ---- | M] () MD5=A86B5BD2B198C0870542D6478C3CC6BC -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012/09/23 20:43:50 | 000,002,493 | ---- | M] () MD5=A8C9725DBFAA9DB585F9691060B1FFA3 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012/07/27 15:51:54 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2012/09/23 20:43:54 | 000,002,488 | ---- | M] () MD5=B1468F053A250799FCE421BEC8AA9A57 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/09/23 20:43:54 | 000,002,457 | ---- | M] () MD5=BE0958E015FED942FAD670540F2BCEC1 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/09/23 20:44:04 | 000,002,543 | ---- | M] () MD5=C2EDC3B5BB19B6F41226433A889EFE48 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012/09/23 20:43:56 | 000,002,543 | ---- | M] () MD5=C66A95C06294259E63522BBB0E8B3ED8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012/09/23 20:43:46 | 000,002,546 | ---- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:52 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.CFSERVICE.JAR >
[2012/03/16 02:33:04 | 000,142,226 | ---- | M] () MD5=18D9FCB12CE658BA4D24D8DC2D641BA6 -- C:\Program Files\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.CFService_4.6.1.335153\services.CFService.jar

< MD5 for: SERVICES.CSS >
[2005/06/29 13:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2009\Components\Services\services.css
[2011/10/18 22:04:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/10/18 22:04:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/10/18 22:04:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Windows.old\Documents and Settings\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/10/18 22:04:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Windows.old\ProgramData\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css
[2011/10/18 22:04:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Windows.old\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.DLL >
[2007/06/15 04:42:34 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll
[2012/11/13 18:38:36 | 000,008,704 | ---- | M] () MD5=E41D70348B1B51C0C76B617EA572B105 -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll

< MD5 for: SERVICES.DLL.CONFIG >
[2012/11/01 18:05:50 | 000,000,305 | ---- | M] () MD5=126EB374FFE77DAA27113E5AD6307C0B -- C:\Program Files\Lenovo\System Update\egather\local\collect\services.dll.config

< MD5 for: SERVICES.EXE >
[2012/07/25 23:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=575FB4211BB07DB7D2179B1B05FE7EFD -- C:\$WINDOWS.~BT\Windows\System32\services.exe
[2012/07/25 23:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=575FB4211BB07DB7D2179B1B05FE7EFD -- C:\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_3bc3d14fce0a0436\services.exe
[2012/07/25 23:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=575FB4211BB07DB7D2179B1B05FE7EFD -- C:\Windows\System32\services.exe
[2012/07/25 23:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=575FB4211BB07DB7D2179B1B05FE7EFD -- C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_3bc3d14fce0a0436\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2012/07/26 00:12:24 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\$WINDOWS.~BT\Windows\System32\en-US\services.exe.mui
[2012/07/26 00:12:24 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\$WINDOWS.~BT\Windows\WinSxS\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_66a852f7f75bf282\services.exe.mui
[2012/07/26 01:46:01 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\System32\en-US\services.exe.mui
[2012/07/26 01:46:01 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_66a852f7f75bf282\services.exe.mui

< MD5 for: SERVICES.HTML >
[2010/11/24 23:00:00 | 000,004,861 | ---- | M] () MD5=DC8FE975A43E35EB80E5862AFD6639E4 -- C:\xampp\htdocs\KLM\services.html

< MD5 for: SERVICES.INI >
[2011/10/18 22:04:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\ProgramData\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/10/18 22:04:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/10/18 22:04:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Windows.old\Documents and Settings\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/10/18 22:04:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Windows.old\ProgramData\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini
[2011/10/18 22:04:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Windows.old\Users\All Users\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.JS >
[2012/07/26 01:52:29 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 01:52:15 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 01:52:09 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 01:53:00 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x86__8wekyb3d8bbwe\platform\js\services.js

< End of report >


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-01 11:59:16
-----------------------------
11:59:16.843 OS Version: Windows 6.2.9200
11:59:16.843 Number of processors: 2 586 0x1706
11:59:16.843 ComputerName: CHINABOY-LENOVO UserName: CHINABOY
12:00:32.078 Initialize success
12:01:15.354 Disk 0 \Device\Harddisk0\DR0 -> \Device\RobsonImd-0
12:01:15.354 Disk 0 Vendor: Size: 1405MB BusType: 0
12:01:15.359 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
12:01:15.359 Disk 1 Vendor: Size: 1405MB BusType: 0
12:01:15.374 Disk 1 MBR read successfully
12:01:15.379 Disk 1 MBR scan
12:01:15.384 Disk 1 Windows 7 default MBR code
12:01:15.384 Disk 1 MBR hidden
12:01:15.389 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1499 MB offset 2048
12:01:15.389 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 293744 MB offset 3072000
12:01:15.394 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
12:01:15.399 Disk 1 scanning C:\WINDOWS\system32\drivers
12:01:21.961 Service scanning
12:01:26.332 Service MpKslc16c67cd C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKslc16c67cd.sys **LOCKED** 32
12:01:33.182 Modules scanning
12:01:36.982 Disk 1 trace - called modules:
12:01:37.009 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys iaNvStor.sys
12:01:37.014 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8655f800]
12:01:37.019 3 CLASSPNP.SYS[8bdb70c3] -> nt!IofCallDriver -> [0x85ffa3d8]
12:01:37.024 5 ACPI.sys[8b8db49a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8557e028]
12:01:37.029 Scan finished successfully
12:03:18.117 Disk 1 MBR has been saved successfully to "C:\Users\CHINABOY\Desktop\MBR.dat"
12:03:18.192 The log file has been saved successfully to "C:\Users\CHINABOY\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, no sign of that file. Did you delete it?

I see you have also run Combofix; could you post the log?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000016eac51682
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56929
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56929
[2012/11/13 06:12:22 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2012/05/27 16:47:18 | 000,002,355 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2013/01/01 08:17:24 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\SwvUpdater
[2013/01/01 08:16:47 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\CRE

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
KLM56

    Member

  • Topic Starter
  • Member
  • 20 posts
Hi, I think I deleted the file when I ran Revo Uninstaller. I did try to run Combofix prior to upgrading to Windows 8. The scan was never successful. I tried to run Combofix again and it said it was not compatible with this version of Windows.


OTL logfile created on: 1/1/2013 1:21:38 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CHINABOY\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.37% Memory free
6.00 Gb Paging File | 4.47 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 286.86 Gb Total Space | 95.45 Gb Free Space | 33.27% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.64 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.52 Gb Free Space | 35.64% Space Free | Partition Type: NTFS

Computer Name: CHINABOY-LENOVO | User Name: CHINABOY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/01 11:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
PRC - [2012/12/21 22:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\CHINABOY\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/10/23 10:10:40 | 001,084,328 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Password Manager\password_manager.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/21 12:50:26 | 000,057,704 | ---- | M] (Authentec Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2012/09/07 08:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/25 22:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2012/07/25 22:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/07/25 22:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/25 22:20:44 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/25 22:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012/05/16 05:32:00 | 000,476,256 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2012/05/16 05:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/04/17 18:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2012/04/17 18:20:36 | 000,498,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/04/17 18:20:32 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2012/03/08 11:19:40 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2012/03/01 10:35:18 | 000,509,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/10/20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/08/12 13:42:50 | 000,648,744 | R--- | M] (Ericsson AB) -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2011/07/12 18:03:34 | 000,064,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/19 07:22:21 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/06/10 12:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/11/17 15:38:50 | 000,628,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/04/22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/15 16:00:42 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
PRC - [2009/04/15 15:41:22 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
PRC - [2009/04/15 14:57:58 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LControl.exe
PRC - [2009/02/13 15:39:02 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
PRC - [2009/02/13 14:45:54 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/28 15:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
PRC - [2007/09/07 08:41:50 | 000,053,248 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 20:15:15 | 012,456,040 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:15:11 | 000,932,456 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\metro_driver.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/05/16 05:32:00 | 000,101,888 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2012/05/16 05:32:00 | 000,083,968 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2007/03/09 18:16:52 | 000,106,496 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll


========== Services (SafeList) ==========

SRV - [2012/12/30 02:02:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/11/17 18:15:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/07 08:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012/09/07 08:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012/07/25 23:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/25 22:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/25 22:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/25 22:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/25 22:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/25 22:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/25 22:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/25 22:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 22:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/25 22:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/25 22:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/25 22:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/25 22:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/25 22:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/25 22:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/25 22:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 22:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/25 22:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/25 22:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/25 22:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/25 22:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/25 22:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/25 22:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/07/25 19:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/05/16 05:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/16 05:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/04/17 18:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012/04/17 18:20:42 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012/04/17 18:20:36 | 000,498,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/04/17 18:20:32 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012/04/13 17:09:02 | 005,259,048 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2012/03/08 11:19:40 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/03/01 10:35:18 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/05 16:15:14 | 003,002,192 | ---- | M] (Conceiva Pty. Ltd.) [On_Demand | Stopped] -- C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe -- (Mezzmo)
SRV - [2011/08/12 13:42:50 | 000,648,744 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/19 07:22:21 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/06/10 12:47:26 | 001,033,528 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2011/03/09 10:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 10:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 10:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/11/17 15:38:50 | 000,628,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/24 04:08:22 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/09/24 04:08:08 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/09/24 04:02:26 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/09/24 04:02:16 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/09/24 04:01:04 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/04/15 16:00:42 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2009/02/13 15:39:02 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/02/13 14:45:54 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/24 17:28:20 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/28 15:21:42 | 000,162,280 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\SBITS\DDNIOEMService.exe -- (DDNIOEMService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKslc16c67cd.sys -- (MpKslc16c67cd)
DRV - [2012/12/08 03:01:04 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\gfibto.sys -- (gfibto)
DRV - [2012/09/19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/09/06 10:49:06 | 000,020,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2012/07/25 23:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/25 22:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/25 22:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/25 22:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/25 22:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/25 22:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/25 22:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/25 22:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/25 22:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/25 22:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/25 22:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/25 22:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/25 22:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/25 22:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/25 22:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/25 22:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/25 22:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/25 22:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/25 22:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/25 22:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/25 22:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/25 22:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/25 22:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/25 22:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/25 22:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/25 22:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/25 22:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/25 22:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/25 22:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/25 22:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/25 22:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/25 21:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/25 21:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/25 21:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/25 21:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/25 21:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/25 21:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/25 21:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/25 21:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/25 21:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/25 21:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/25 21:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/25 21:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/25 21:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/25 21:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/25 21:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/25 21:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/25 21:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/25 21:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/25 21:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/25 21:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/25 21:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/25 21:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/25 21:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/25 21:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/25 21:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/25 21:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/25 21:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/25 21:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/25 21:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/23 11:11:44 | 000,129,384 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ApsX86.sys -- (Shockprf)
DRV - [2012/06/27 21:06:16 | 010,900,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/16 05:32:00 | 000,017,736 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\Drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/01/23 16:43:06 | 007,523,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/08/12 14:55:04 | 000,232,488 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2011/08/03 22:32:15 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\psadd.sys -- (psadd)
DRV - [2011/07/15 13:13:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/06/27 10:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2011/06/13 21:58:02 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2011/06/13 21:58:02 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\wwanuss.sys -- (ecnssndis)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/04/29 10:43:24 | 000,419,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV - [2011/04/29 10:43:14 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV - [2011/04/29 10:43:08 | 000,364,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\Drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/01/28 16:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 16:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/01 17:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009/06/04 21:44:28 | 000,014,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\PuAcpi32.sys -- (MTsensor32)
DRV - [2008/07/31 02:12:58 | 000,173,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\USBSTK.sys -- (DCamUSBGene)
DRV - [2008/07/14 18:31:06 | 000,378,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvocard.sys -- (lnvocard)
DRV - [2008/07/14 18:31:06 | 000,302,464 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\lnvobus.sys -- (lnvobus)
DRV - [2008/07/10 13:27:30 | 000,072,232 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvogps.sys -- (lnvogps)
DRV - [2008/06/26 14:08:36 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\lnvoscard.sys -- (Sony_EricssonWWSC)
DRV - [2008/06/19 13:03:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/18 18:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/02 02:47:38 | 000,203,776 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/15 19:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 08:38:12 | 000,057,856 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 13:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2548838

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2548838
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "SearchAmong"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.searchamo...results.php?q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\npapi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CHINABOY\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CHINABOY\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\CHINABOY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\firefox [2012/03/10 10:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/27 00:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/01 09:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/01 07:11:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2013/01/01 07:55:04 | 000,000,000 | ---D | M]

[2011/05/30 22:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Extensions
[2012/12/08 03:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions
[2012/10/27 10:37:36 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/12/08 03:00:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\extensions\[email protected]
[2012/07/21 09:27:31 | 000,000,778 | ---- | M] () -- C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\searchplugins\SearchAmong.xml
[2013/01/01 08:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/14 21:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 00:25:48 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/11/17 18:15:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/11/02 03:25:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/17 18:15:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\CHINABOY\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Ascendo DataVault (Enabled) = C:\Program Files\DataVault\npapi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\CHINABOY\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: ThinkVantage Password Manager = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab\4.10.6_0\
CHR - Extension: DataVault Extension = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.8.1_0\
CHR - Extension: Skype Click to Call = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: WhiteSmoke US New E1 = C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocoombckbcnabpaghmokhaapnbngahck\10.13.20.29_0\

O1 HOSTS File: ([2013/01/01 13:02:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [PasswordManager] C:\Program Files\Lenovo\Password Manager\password_manager.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CHINABOY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Save to DataVault - C:\Program Files\DataVault [2013/01/01 13:02:39 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([gate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([multiview] http in Trusted sites)
O15 - HKCU\..Trusted Domains: x10.com ([myhouse] http in Trusted sites)
O16 - DPF: {001000AF-2DEF-0200-10B6-DC5BA692C858} http://control.x10.com/vidnx.cab (Vidnc Class)
O16 - DPF: {001000AF-2DEF-0202-10B6-DC5BA692C858} http://www.x10.com/s.../X10NetTest.cab (X10NetTest Class)
O16 - DPF: {001000AF-2DEF-0206-10B6-DC5BA692C858} http://gate.x10.com/control/xvidnx.cab (Xvidnc Class)
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} http://site.x10.com/cabs/antx.cab (Antx Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.2.cab (AlternaTIFF ActiveX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97CD6EBD-E1AC-45BA-863E-8B4BD4E93825}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\SWTOOLS\Wallpaper\BlueMap1680X1050.jpg
O24 - Desktop BackupWallPaper: C:\SWTOOLS\Wallpaper\BlueMap1680X1050.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a100c16c-8ca0-11e0-9d9a-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{a100c16c-8ca0-11e0-9d9a-028037ec0200}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 13:02:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/01 11:57:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\CHINABOY\Desktop\aswMBR.exe
[2013/01/01 11:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
[2013/01/01 10:00:40 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\VS Revo Group
[2013/01/01 08:58:05 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\CHINABOY\AppData\Local\log4cxx.dll
[2013/01/01 08:34:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/01/01 08:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\BuzzSocialPointsChecker
[2013/01/01 07:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2012/12/31 22:09:11 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Serif
[2012/12/31 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/12/31 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2012/12/31 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012/12/30 19:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitemapX
[2012/12/30 19:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\SitemapX
[2012/12/30 08:29:22 | 000,000,000 | ---D | C] -- C:\OSFIXES
[2012/12/30 07:41:06 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Desktop\PDF Samples
[2012/12/30 03:27:59 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012/12/30 03:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software
[2012/12/30 03:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Eltima Software
[2012/12/30 01:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2012/12/30 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Packages
[2012/12/30 01:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2012/12/30 01:16:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2012/12/30 00:40:43 | 000,000,000 | --SD | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\Favorites
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\Desktop
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/30 00:40:43 | 000,000,000 | R--D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\Temporary Internet Files
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Templates
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Start Menu
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\SendTo
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Recent
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\PrintHood
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\NetHood
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Videos
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Pictures
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Documents\My Music
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Local Settings
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\History
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Cookies
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\Application Data
[2012/12/30 00:40:43 | 000,000,000 | -HSD | C] -- C:\Users\CHINABOY\AppData\Local\Application Data
[2012/12/30 00:40:43 | 000,000,000 | -H-D | C] -- C:\Users\CHINABOY\AppData
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Temp
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Local\Microsoft
[2012/12/30 00:40:43 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/30 00:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Protector Suite
[2012/12/30 00:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/12/30 00:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/12/30 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/12/30 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/12/30 00:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/12/29 22:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2012/12/29 16:48:57 | 000,000,000 | RH-D | C] -- C:\ESD
[2012/12/26 07:04:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/12/24 09:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z3X
[2012/12/24 08:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Z3X
[2012/12/21 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Documents\NAA
[2012/12/21 00:21:32 | 000,000,000 | ---D | C] -- C:\android-sdk
[2012/12/20 08:18:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/12/20 06:42:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/12/20 06:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/12/20 06:18:44 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/12/19 08:11:13 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\Desktop\Keemo phone
[2012/12/08 03:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/12/08 03:08:09 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\LavasoftStatistics
[2012/12/08 03:01:05 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/12/08 03:01:05 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012/12/08 03:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/12/08 03:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/12/08 03:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/12/08 03:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/08 02:59:45 | 000,000,000 | ---D | C] -- C:\Users\CHINABOY\AppData\Roaming\Ad-Aware Antivirus
[2012/12/07 03:33:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CHINABOY\Desktop\tdsskiller.exe
[1 C:\Users\CHINABOY\Documents\*.tmp files -> C:\Users\CHINABOY\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 13:22:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 13:17:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/01 13:16:53 | 000,769,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/01 13:16:53 | 000,151,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/01 13:10:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/01 13:08:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/01 13:08:00 | 2415,353,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/01 13:02:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/01 13:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/01 12:44:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/01/01 12:33:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003UA.job
[2013/01/01 12:08:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003UA.job
[2013/01/01 12:03:18 | 000,000,512 | ---- | M] () -- C:\Users\CHINABOY\Desktop\MBR.dat
[2013/01/01 11:59:05 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\CHINABOY\Desktop\aswMBR.exe
[2013/01/01 11:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CHINABOY\Desktop\OTL.exe
[2013/01/01 10:15:55 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/01/01 09:43:45 | 000,000,000 | ---- | M] () -- C:\END
[2013/01/01 08:15:29 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/01 08:14:20 | 000,000,218 | ---- | M] () -- C:\Users\CHINABOY\.recently-used.xbel
[2013/01/01 08:04:04 | 004,071,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 07:55:32 | 000,000,146 | ---- | M] () -- C:\WINDOWS\launchpw.cmd
[2013/01/01 07:55:05 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Delpw32.cmd
[2012/12/31 21:52:39 | 000,169,378 | ---- | M] () -- C:\Users\Public\Documents\Explorer.dmp
[2012/12/31 21:52:39 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/12/31 18:55:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/31 18:08:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003Core.job
[2012/12/31 16:45:27 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3624466487-223628867-935231893-1003Core.job
[2012/12/30 03:23:39 | 000,001,440 | ---- | M] () -- C:\Users\CHINABOY\Desktop\Flash Decompiler Trillix.lnk
[2012/12/30 01:38:41 | 000,000,660 | RHS- | M] () -- C:\Users\CHINABOY\ntuser.pol
[2012/12/30 01:15:29 | 000,034,293 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012/12/30 01:15:29 | 000,034,293 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012/12/30 01:15:04 | 000,021,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/12/30 00:38:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WwanUsbMp_01009.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/12/30 00:38:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/12/29 23:16:03 | 000,010,928 | ---- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 23:16:03 | 000,010,928 | ---- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/29 22:58:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/28 14:16:30 | 005,581,543 | ---- | M] () -- C:\Users\CHINABOY\Documents\Sparkle_Contract.pdf
[2012/12/28 11:45:55 | 000,001,456 | -H-- | M] () -- C:\Users\CHINABOY\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/12/24 09:05:23 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2012/12/23 17:10:35 | 000,001,071 | ---- | M] () -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/23 17:04:42 | 000,001,188 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012/12/08 03:01:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/12/08 03:01:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012/12/07 03:33:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CHINABOY\Desktop\tdsskiller.exe
[2012/12/07 03:24:31 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/12/05 09:01:22 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/12/05 09:01:22 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[1 C:\Users\CHINABOY\Documents\*.tmp files -> C:\Users\CHINABOY\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/01 12:44:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/01/01 12:03:18 | 000,000,512 | ---- | C] () -- C:\Users\CHINABOY\Desktop\MBR.dat
[2013/01/01 08:58:05 | 000,196,608 | ---- | C] () -- C:\Users\CHINABOY\AppData\Local\common_functions.dll
[2013/01/01 08:16:04 | 000,000,000 | ---- | C] () -- C:\END
[2013/01/01 08:15:29 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/01 08:14:20 | 000,000,218 | ---- | C] () -- C:\Users\CHINABOY\.recently-used.xbel
[2013/01/01 08:03:36 | 004,071,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 07:55:32 | 000,000,146 | ---- | C] () -- C:\WINDOWS\launchpw.cmd
[2013/01/01 07:55:05 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Delpw32.cmd
[2012/12/31 21:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/12/31 21:52:38 | 000,169,378 | ---- | C] () -- C:\Users\Public\Documents\Explorer.dmp
[2012/12/31 21:46:26 | 000,002,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X5.lnk
[2012/12/31 18:55:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/30 03:23:39 | 000,001,440 | ---- | C] () -- C:\Users\CHINABOY\Desktop\Flash Decompiler Trillix.lnk
[2012/12/30 01:40:18 | 000,001,440 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/30 01:38:41 | 000,000,660 | RHS- | C] () -- C:\Users\CHINABOY\ntuser.pol
[2012/12/30 00:43:59 | 000,034,293 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012/12/30 00:43:59 | 000,034,293 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2012/12/30 00:40:43 | 000,000,352 | ---- | C] () -- C:\Users\CHINABOY\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/30 00:40:43 | 000,000,334 | ---- | C] () -- C:\Users\CHINABOY\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/12/30 00:38:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WwanUsbMp_01009.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2012/12/30 00:38:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/12/30 00:38:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/12/30 00:29:54 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2012/12/28 14:16:30 | 005,581,543 | ---- | C] () -- C:\Users\CHINABOY\Documents\Sparkle_Contract.pdf
[2012/12/24 09:05:23 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Tool.lnk
[2012/12/23 17:04:42 | 000,001,188 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Users\CHINABOY\AppData\Local\ie_runner_app.exe
[2012/11/22 18:58:48 | 000,001,041 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\vso_ts_preview.xml
[2012/11/12 12:28:29 | 000,001,456 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/10/27 10:00:29 | 000,000,132 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/10/21 06:25:55 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/07/26 01:55:27 | 000,769,030 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/26 01:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/26 01:55:27 | 000,151,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/26 01:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/26 01:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/26 01:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012/07/26 01:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 20:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012/07/25 15:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 15:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012/07/20 05:37:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2012/07/20 05:37:21 | 000,000,578 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/07/20 05:37:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/07/20 05:35:30 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/07/20 05:35:30 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/07/20 05:35:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2012/07/20 05:29:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/07/20 05:29:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/07/13 21:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/06/11 20:51:28 | 000,000,132 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/06/02 15:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012/06/02 09:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/03/08 18:55:08 | 000,563,664 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\wanancsp.dat
[2012/02/12 13:40:33 | 000,002,949 | ---- | C] () -- C:\Users\CHINABOY\.TransferManager.db
[2012/02/09 19:59:19 | 000,220,496 | ---- | C] () -- C:\WINDOWS\hpoins19.dat
[2012/02/09 19:59:19 | 000,013,898 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat
[2012/02/09 11:47:24 | 000,034,336 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2012/02/04 00:28:13 | 000,000,000 | ---- | C] () -- C:\Users\CHINABOY\.gtk-bookmarks
[2012/01/26 09:40:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012/01/25 19:22:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/01/25 19:21:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/01/25 19:21:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/12/29 07:13:48 | 000,007,611 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\Resmon.ResmonCfg
[2011/12/14 22:19:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/14 22:19:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/14 22:19:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/14 22:19:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/14 22:19:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/11/17 19:43:12 | 000,000,043 | ---- | C] () -- C:\WINDOWS\MezzmoMediaServer.INI
[2011/10/15 19:31:48 | 000,000,000 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\{CB6F9CD2-4308-4154-B6C5-F3772D7D24AD}
[2011/07/22 14:19:20 | 000,036,575 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/06/18 07:10:42 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\f9t.dat
[2011/06/16 21:09:00 | 000,007,887 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\pcouffin.cat
[2011/06/16 21:09:00 | 000,001,144 | ---- | C] () -- C:\Users\CHINABOY\AppData\Roaming\pcouffin.inf
[2011/06/12 16:07:01 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2011/06/05 17:27:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/05 17:27:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/02 22:59:33 | 000,000,096 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\fusioncache.dat
[2011/06/01 22:43:15 | 000,000,227 | ---- | C] () -- C:\ProgramData\tvt_userinfo.ini
[2011/06/01 18:12:41 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/06/01 17:58:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/30 18:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/30 17:46:46 | 000,013,312 | -H-- | C] () -- C:\Users\CHINABOY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 15:26:00 | 000,014,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PuAcpi32.sys
[2011/05/30 15:07:15 | 000,035,265 | R--- | C] () -- C:\WINDOWS\ConnectionProfiles.dat
[2011/05/30 12:38:26 | 000,021,412 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 22:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/25 22:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/05/30 18:39:16 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\acccore
[2013/01/01 09:51:39 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Ad-Aware Antivirus
[2012/01/05 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Aleo Software
[2011/12/05 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\AppKeys
[2012/03/10 10:23:39 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Ascendo
[2012/05/27 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Babylon
[2013/01/01 08:14:20 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\BitLord
[2011/05/30 17:48:23 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Blackberry Desktop
[2012/03/21 13:54:10 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Canneverbe Limited
[2012/11/15 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/26 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/14 19:47:32 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\CounterPath Solutions Inc
[2013/01/01 13:18:24 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Dropbox
[2012/03/08 18:55:12 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Ericsson
[2012/11/14 23:43:56 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Extend
[2012/10/21 07:13:22 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\FLVPlayerPackages
[2012/02/21 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\gcaltoolkit
[2011/06/12 16:10:29 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\GlobalSCAPE
[2012/02/06 16:05:52 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\gtk-2.0
[2012/01/22 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Hoyle FaceCreator
[2012/07/09 09:56:09 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Hoyle Puzzle and Board Games
[2011/08/25 16:24:39 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\ICAClient
[2012/01/04 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\ImgBurn
[2011/07/02 05:53:47 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\InterVideo
[2011/07/07 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Juniper Networks
[2011/06/01 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Leadertech
[2011/05/30 12:32:12 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Lenovo
[2011/06/18 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\MAGIX
[2012/08/25 19:29:58 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\mjusbsp
[2011/06/25 13:02:46 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Namco
[2011/06/19 07:22:30 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Netscape
[2012/09/09 09:43:54 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Notepad++
[2011/10/15 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\ooVoo Details
[2012/04/06 11:26:29 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\PC Cleaners
[2011/05/31 17:20:33 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\PCDr
[2012/04/06 11:36:42 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\PCPro
[2012/01/25 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\pdf995
[2011/06/19 07:21:40 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Photodex
[2011/06/02 05:16:37 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\PwrMgr
[2011/05/30 13:46:48 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Python-Eggs
[2011/05/30 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Research In Motion
[2012/03/09 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Samsung
[2012/12/31 22:09:11 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Serif
[2011/12/03 07:05:37 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\ShoppingDaisy
[2012/10/28 16:54:40 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\SlideshowPlusEditor
[2011/06/18 07:12:26 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Stamps.com Internet Postage
[2012/07/24 17:44:57 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\SystemRequirementsLab
[2012/01/25 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\TaxCut
[2012/04/06 17:45:34 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Temp
[2013/01/01 09:54:26 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Tether
[2011/11/27 20:29:35 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Ulead Systems
[2013/01/01 10:00:40 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\VS Revo Group
[2012/11/24 06:42:06 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Vso
[2011/08/30 09:01:52 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\West Corporation
[2011/06/01 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Western Digital
[2012/09/13 01:52:56 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\wgjohns.com
[2011/06/01 22:44:07 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\WMCore
[2012/02/09 11:28:43 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\X10 Commander
[2011/09/24 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\XCPCSync.OEM
[2012/12/31 09:26:45 | 000,000,000 | ---D | M] -- C:\Users\CHINABOY\AppData\Roaming\Yate

========== Purity Check ==========



< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you experiencing at the moment?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
KLM56

    Member

  • Topic Starter
  • Member
  • 20 posts
It doesn't appear to have any strange virus, just seems to be running sluggish, but I will deal with it.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.04

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16466
CHINABOY :: CHINABOY-LENOVO [administrator]

Protection: Enabled

1/1/2013 4:21:33 PM
mbam-log-2013-01-01 (16-21-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300282
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3624466487-223628867-935231893-1003\$RSAF96N.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3624466487-223628867-935231893-1003\$RXPXOG3.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see if we can cut the sluggishness down a bit

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#9
KLM56

    Member

  • Topic Starter
  • Member
  • 20 posts
# AdwCleaner v2.104 - Logfile created 01/01/2013 at 17:02:57
# Updated 29/12/2012 by Xplode
# Operating system : Windows 8 Pro (32 bits)
# User : CHINABOY - CHINABOY-LENOVO
# Boot Mode : Normal
# Running from : C:\Users\CHINABOY\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\user.js
File Deleted : C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\searchplugins\SearchAmong.xml
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\CHINABOY\AppData\Local\Conduit
Folder Deleted : C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Folder Deleted : C:\Users\CHINABOY\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\CHINABOY\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\CHINABOY\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CHINABOY\AppData\Roaming\Babylon
Folder Deleted : C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\adawaretb
Folder Deleted : C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\ConduitCommon
Folder Deleted : C:\Users\Spark\AppData\Roaming\Mozilla\Firefox\Profiles\iy3bhmk5.default\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/results.php?q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/results.php?q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\prefs.js

C:\Users\CHINABOY\AppData\Roaming\Mozilla\Firefox\Profiles\hzu7wqsx.default\user.js ... Deleted !

Deleted : user_pref("CT2548838..clientLogIsEnabled", true);
Deleted : user_pref("CT2548838..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2548838..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2548838.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2548838.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2548838.AppTrackingLastCheckTime", "Sun Nov 20 2011 07:32:32 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2548838.CT2548838", "CT2548838");
Deleted : user_pref("CT2548838.CurrentServerDate", "22-2-2012");
Deleted : user_pref("CT2548838.DSInstall", false);
Deleted : user_pref("CT2548838.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2548838.DialogsGetterLastCheckTime", "Tue Feb 21 2012 18:12:18 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2548838.DownloadReferralCookieData", "");
Deleted : user_pref("CT2548838.ExternalComponentPollDate129601976232935581", "Tue Feb 21 2012 18:29:13 GMT-050[...]
Deleted : user_pref("CT2548838.FirstServerDate", "6-1-2012");
Deleted : user_pref("CT2548838.FirstTime", true);
Deleted : user_pref("CT2548838.FirstTimeFF3", true);
Deleted : user_pref("CT2548838.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2548838.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2548838.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2548838.HPInstall", false);
Deleted : user_pref("CT2548838.HasUserGlobalKeys", true);
Deleted : user_pref("CT2548838.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2548838.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT2548838.Initialize", true);
Deleted : user_pref("CT2548838.InitializeCommonPrefs", true);
Deleted : user_pref("CT2548838.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2548838.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2548838.InstalledDate", "Sun Nov 20 2011 07:32:24 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2548838.IsAlertDBUpdated", true);
Deleted : user_pref("CT2548838.IsGrouping", false);
Deleted : user_pref("CT2548838.IsInitSetupIni", true);
Deleted : user_pref("CT2548838.IsMulticommunity", false);
Deleted : user_pref("CT2548838.IsOpenThankYouPage", false);
Deleted : user_pref("CT2548838.IsOpenUninstallPage", true);
Deleted : user_pref("CT2548838.IsProtectorsInit", true);
Deleted : user_pref("CT2548838.LanguagePackLastCheckTime", "Tue Feb 21 2012 18:12:15 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2548838.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2548838.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2548838.LastLogin_3.8.0.8", "Thu Jan 05 2012 21:15:41 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2548838.LastLogin_3.8.1.0", "Tue Feb 21 2012 18:12:15 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2548838.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2548838.Locale", "en");
Deleted : user_pref("CT2548838.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2548838.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2548838.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2548838.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT2548838.OriginalFirstVersion", "3.8.0.8");
Deleted : user_pref("CT2548838.SearchCaption", "TVersitybar Customized Web Search");
Deleted : user_pref("CT2548838.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2548838.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2548838.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254[...]
Deleted : user_pref("CT2548838.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2548838.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2548838.SearchInNewTabLastCheckTime", "Tue Feb 21 2012 18:12:12 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2548838.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2548838.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2548838.SearchProtectorEnabled", false);
Deleted : user_pref("CT2548838.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2548838.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2548838.ServiceMapLastCheckTime", "Tue Feb 21 2012 18:12:13 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2548838.SettingsLastCheckTime", "Tue Feb 21 2012 18:12:12 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2548838.SettingsLastUpdate", "1326723880");
Deleted : user_pref("CT2548838.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2548838&SearchSource=13");
Deleted : user_pref("CT2548838.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2548838.ThirdPartyComponentsLastCheck", "Thu Feb 09 2012 11:10:20 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2548838.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2548838.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2548838.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2548838");
Deleted : user_pref("CT2548838.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2548838.UserID", "UN64208766001457363");
Deleted : user_pref("CT2548838.alertChannelId", "941820");
Deleted : user_pref("CT2548838.components.1000034", false);
Deleted : user_pref("CT2548838.components.1000082", false);
Deleted : user_pref("CT2548838.components.1000234", false);
Deleted : user_pref("CT2548838.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2548838.globalFirstTimeInfoLastCheckTime", "Tue Feb 21 2012 18:12:16 GMT-0500 (Eastern [...]
Deleted : user_pref("CT2548838.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2548838.initDone", true);
Deleted : user_pref("CT2548838.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2548838.myStuffEnabled", true);
Deleted : user_pref("CT2548838.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2548838.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2548838.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2548838.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2548838.oldAppsList", "129117851804524181,129117851804836682,111,129601976232935581,129[...]
Deleted : user_pref("CT2548838.revertSettingsEnabled", false);
Deleted : user_pref("CT2548838.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2548838.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2548838.testingCtid", "");
Deleted : user_pref("CT2548838.toolbarAppMetaDataLastCheckTime", "Tue Feb 21 2012 18:12:15 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2548838.toolbarContextMenuLastCheckTime", "Thu Feb 09 2012 11:10:44 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2548838.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2548838/CT2548838[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2548838", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2548838",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2548838&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\CHINABOY\\AppData\\Roaming\\Mozilla[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2548838");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2548838");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2548838");
Deleted : user_pref("CommunityToolbar.globalUserId", "3a1220f9-f400-4c85-8ce7-71b2001e1e20");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Feb 21 2012 18:12:1[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 21 2012 18:12:13 GMT-0500 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "3ac610dd-e6c3-43f3-8c60-a319e014a034");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111305&tt=220512_53all");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "fc8a09270000000000000016eac51682");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "fc8a09270000000000000016eac51682");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15487");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111305&tt=22051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:47:33");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://www.searchamong.com/results.php?q=");

File : C:\Users\Spark\AppData\Roaming\Mozilla\Firefox\Profiles\iy3bhmk5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\CHINABOY\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=[...]
Deleted [l.2300] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3[...]

*************************

AdwCleaner[R1].txt - [18070 octets] - [01/01/2013 17:02:16]
AdwCleaner[S1].txt - [18246 octets] - [01/01/2013 17:02:57]

########## EOF - C:\AdwCleaner[S1].txt - [18307 octets] ##########

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has that eased it any ?

#11
KLM56

    Member

  • Topic Starter
  • Member
  • 20 posts
Better than before. Thank you so much.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press the uninstall button

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.