
I don't know if it's possible to get rid of this virus. It's driving me nuts!

Discussion in 'Virus & Other Malware Removal' started by rosepeter, Jan 9, 2011.

  1. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hello, I have recently received a computer to borrow for the next couple of months while I'm in Germany. The computer was a bit of a mess but I have installed all the latest Windows updates and tried my best to uninstall some of the junk programmes. I have also installed Avast and have run several malware removal programmes (Avast found no virus but Ad-Aware, IObit and Malwarebytes each found different threats which I have removed). I'm now just running IObit.

    I am still certain there is some sort of spyware or virus on the computer as there was a programme called Favorit I have uninstalled several times. Now it has gone from the uninstall list but I'm still getting about one popup per minute (with IE and Chrome). It's been driving me crazy! PLEASE HELP! I have posted the requested logs below and attached the other .txt file. However, I tried running the GMER programme twice with all windows closed and without touching anything and the computer just crashed and restarted itself.
    Thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:33:14, on 09.01.2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Kurt\AppData\Local\gnngnnf.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Kurt\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [gnngnnf] "c:\users\kurt\appdata\local\gnngnnf.exe" gnngnnf
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: LenovoRegistration.lnk = C:\SWTOOLS\LenovoWelcome\LenovoRegistration.cmd
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222444651
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Update Service (gupdate1c9ca8eb92423d0) (gupdate1c9ca8eb92423d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14242 bytes



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Kurt at 14:35:08,73 on 09.01.2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.2030.825 [GMT 1:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Windows\System32\TPHDEXLG.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Kurt\AppData\Local\gnngnnf.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kurt\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
    uSearch Bar =
    uDefault_Page_URL = hxxp://lenovo.live.com
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [T-Online_Software_6\WLAN-Access Finder] c:\program files\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [gnngnnf] "c:\users\kurt\appdata\local\gnngnnf.exe" gnngnnf
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    dRun: [T-Online_Software_6\WLAN-Access Finder] c:\program files\t-online\wlan-access finder\ToWLaAcF.exe /StartMinimized
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lenovo~1.lnk - c:\swtools\lenovowelcome\LenovoRegistration.cmd
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222444651
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    LSA: Notification Packages = scecli psqlpwd ACGina

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\kurt\appdata\roaming\mozilla\firefox\profiles\po7rejq4.default\
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-6 293968]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-6 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-6 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-6 40384]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-1-9 312152]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
    R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-12-12 81280]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9ca8eb92423d0;Google Update Service (gupdate1c9ca8eb92423d0);c:\program files\google\update\GoogleUpdate.exe [2009-5-1 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
    S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
    S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\t-online\t-onli~1\basis-~1\basis1\MTOnlPktAlyX.SYS [2008-3-6 17536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-09 12:53:50 -------- d-----w- c:\program files\Windows Portable Devices
    2011-01-09 12:04:19 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-01-09 12:04:18 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-01-09 12:04:18 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-01-09 12:02:57 134144 ----a-w- c:\program files\windows portable devices\sqmapi.dll
    2011-01-09 12:01:31 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-01-09 12:01:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-01-09 12:01:31 234496 ----a-w- c:\windows\system32\oleacc.dll
    2011-01-09 11:42:23 -------- d-----w- c:\users\kurt\appdata\roaming\IObit
    2011-01-09 11:42:22 -------- d-----w- c:\progra~2\IObit
    2011-01-09 11:42:20 -------- d-----w- c:\program files\IObit
    2011-01-08 16:22:05 -------- d-----w- c:\windows\system32\eu-ES
    2011-01-08 16:22:05 -------- d-----w- c:\windows\system32\ca-ES
    2011-01-08 16:21:59 -------- d-----w- c:\windows\system32\vi-VN
    2011-01-08 15:59:04 -------- d-----w- c:\windows\system32\EventProviders
    2011-01-08 14:46:00 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
    2011-01-08 14:37:21 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-01-08 14:37:21 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-01-08 14:37:21 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-01-08 14:37:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-01-08 14:37:21 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-01-08 14:27:59 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
    2011-01-08 14:26:59 852992 ----a-w- c:\windows\system32\mcmde.dll
    2011-01-08 14:25:42 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
    2011-01-08 14:25:42 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-01-08 14:25:42 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-01-08 14:25:42 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
    2011-01-08 14:25:42 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
    2011-01-08 14:25:42 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
    2011-01-08 14:25:42 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
    2011-01-08 14:25:39 705536 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-01-08 14:25:34 218624 ----a-w- c:\windows\system32\wdscore.dll
    2011-01-08 14:25:34 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-01-08 14:25:29 247808 ----a-w- c:\windows\system32\drvstore.dll
    2011-01-08 13:32:41 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-08 13:32:39 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-01-08 13:32:38 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-01-08 13:32:36 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2011-01-08 13:32:23 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-01-08 13:32:23 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-01-08 13:32:03 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-01-08 13:32:03 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-01-08 13:32:03 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-01-08 13:32:02 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-01-08 13:32:02 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-01-08 13:31:45 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-01-08 13:22:32 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-01-08 13:22:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-01-08 13:14:17 502272 ----a-w- c:\windows\system32\usp10.dll
    2011-01-08 13:14:13 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2011-01-08 13:14:13 515584 ----a-w- c:\program files\windows mail\wab.exe
    2011-01-08 13:14:12 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2011-01-08 13:09:48 274944 ----a-w- c:\windows\system32\schannel.dll
    2011-01-08 13:08:09 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2011-01-08 13:04:43 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2011-01-08 13:04:32 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2011-01-08 13:04:32 1316864 ----a-w- c:\windows\system32\ole32.dll
    2011-01-08 13:03:26 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2011-01-08 13:03:11 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-01-08 13:03:09 2038272 ----a-w- c:\windows\system32\win32k.sys
    2011-01-08 13:03:05 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-01-08 13:03:03 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-01-08 13:03:01 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-01-08 13:02:56 1696256 ----a-w- c:\windows\system32\gameux.dll
    2011-01-08 13:02:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-01-08 13:02:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-01-08 13:02:26 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2011-01-08 13:02:20 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-01-08 13:02:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-01-08 13:02:11 36864 ----a-w- c:\windows\system32\rtutils.dll
    2011-01-08 13:02:01 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2011-01-08 13:02:00 352768 ----a-w- c:\windows\system32\taskschd.dll
    2011-01-08 13:01:59 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-01-08 13:01:59 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2011-01-08 13:01:59 171520 ----a-w- c:\windows\system32\taskeng.exe
    2011-01-08 13:00:58 81920 ----a-w- c:\windows\system32\consent.exe
    2011-01-08 12:55:12 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 12:55:12 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 12:55:11 72704 ----a-w- c:\windows\system32\fontsub.dll
    2011-01-08 12:53:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2011-01-08 12:51:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-08 12:43:15 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-01-08 12:32:36 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-01-08 11:24:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-08 11:00:23 -------- d-----w- c:\users\kurt\appdata\local\Sunbelt Software
    2011-01-08 10:55:14 -------- d-----w- c:\program files\Lavasoft
    2011-01-07 17:19:33 -------- d-----w- C:\PerfLogs
    2011-01-07 15:54:59 -------- d-----w- c:\program files\VS Revo Group
    2011-01-07 12:58:39 -------- d-----w- c:\users\kurt\appdata\roaming\Malwarebytes
    2011-01-07 12:58:28 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-07 12:58:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-07 11:17:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9969b1e2-e922-4961-9b55-898ee11cfa39}\mpengine.dll
    2011-01-06 20:28:38 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-06 20:27:12 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-06 20:26:34 -------- d-----w- c:\progra~2\Alwil Software
    2011-01-06 11:10:48 -------- d-----w- c:\program files\CCleaner
    2011-01-06 10:21:12 532480 ----a-w- c:\users\kurt\appdata\local\gnngnnf.exe
    2010-12-23 13:37:59 1222408 ------w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2010-12-22 15:42:01 667648 ------w- c:\users\kurt\appdata\local\dbavmj.exe

    ==================== Find3M ====================

    2011-01-07 17:02:29 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-01-07 17:02:21 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-01-03 09:52:33 9 ------w- c:\users\kurt\appdata\roaming\mdb.bin
    2010-12-02 03:35:18 4280320 ------w- c:\windows\system32\GPhotos.scr
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 14:36:28,09 ===============
     


  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya rosepeter,

    OK proceed as follows please :-

    Step 1

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKCU\..\Run: [gnngnnf] "c:\users\kurt\appdata\local\gnngnnf.exe" gnngnnf


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

    Step 2

    Uninstall the following from Add/Remove Programs (if present)

    IObit

    Step 3

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 4

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 5

    Download from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Copy and paste OTL Txt and ExtrasTxt in your reply.

    What I'd like to see in reply :-

    • Log from Malwarebytes
    • OTL Txt
    • Extras Txt

    Kevin
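
The five entries ticked in Step 1 of the post above, run through a small triage script. This is an added example, not part of the post and not how HijackThis itself works; the three rules and their names are assumptions chosen for illustration, and the IObit entry matches none of them.

```python
import re

# The five HijackThis entries quoted in Step 1 of the post, copied verbatim.
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [gnngnnf] "c:\users\kurt\appdata\local\gnngnnf.exe" gnngnnf
""".strip().splitlines()

# "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# A proxy value that points back at the local machine.
LOOPBACK_RE = re.compile(
    r"(?:^|[=;/\s])(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?", re.I
)
# "[value name] "quoted path"" or "[value name] bare-path" in an O4 entry.
RUN_TARGET_RE = re.compile(
    r'\[(?P<name>[^\]]*)\]\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))'
)
# Per-user, user-writable locations (Vista/7 and XP layouts).
USER_PROFILE_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\"
    r"(?:appdata|local settings|application data)\\",
    re.I,
)


def classify(line):
    """Return {'code', 'reasons', 'line'} for one entry, or None if the
    line is not a HijackThis entry (header, blank line, and so on)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"]
    reasons = []

    # Rule 1 (assumed): browser proxy redirected to a local listener, so
    # all web traffic passes through whatever owns that port.
    if code in ("R0", "R1") and "ProxyServer" in body:
        value = body.split("=", 1)[-1]
        if LOOPBACK_RE.search(value):
            reasons.append("loopback-proxy")

    # Rule 2 (assumed): the registry entry survives but its file is gone,
    # typically a leftover from a partial removal.
    if body.endswith("(no file)"):
        reasons.append("orphaned-entry")

    # Rule 3 (assumed): autostart target lives in the user's profile, where
    # no administrator rights are needed to drop an executable.
    if code == "O4":
        target = RUN_TARGET_RE.search(body)
        if target:
            path = target["quoted"] or target["bare"]
            if USER_PROFILE_RE.match(path):
                reasons.append("autorun-from-user-profile")

    return {"code": code, "reasons": reasons, "line": line.strip()}


def triage(lines):
    """Classify every HijackThis entry in `lines`, skipping other text."""
    return [r for r in map(classify, lines) if r is not None]


if __name__ == "__main__":
    for result in triage(HJT_LINES):
        tag = ", ".join(result["reasons"]) or "no rule matched"
        print(f"{result['code']:<3} {tag:<28} {result['line'][:70]}")
```
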
     
  3. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hi Kevin,

    Thanks so much for all your help. I have been through the steps you instructed and attached the txt files requested. Thanks again...Pete
     


  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Pete,

    Can you copy and paste the logs into your reply as instructed please. It makes it a lot easier for me to decipher them.

    Thanks,

    Kevin
     
  5. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hi Kevin,

    Please see the logs in the posts below. I tried doing this at first but I think it was too much text for one post.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5488

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    09.01.2011 17:43:45
    mbam-log-2011-01-09 (17-43-45).txt

    Scan type: Quick scan
    Objects scanned: 158935
    Time elapsed: 7 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    OTL logfile created on: 09.01.2011 17:59:42 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Kurt\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 179,62 Gb Total Space | 71,94 Gb Free Space | 40,05% Space Free | Partition Type: NTFS

    Computer Name: KURT-PC | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010.12.09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2010.05.05 08:29:46 | 000,804,288 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
    PRC - [2010.05.05 08:29:46 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
    PRC - [2010.05.05 08:29:44 | 001,234,360 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
    PRC - [2010.02.11 15:08:40 | 002,202,232 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\T-Online\T-Online_Software_6\Browser\browser.exe
    PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008.04.08 16:49:18 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    PRC - [2008.02.22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007.09.28 16:29:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
    PRC - [2007.09.28 13:28:40 | 000,181,544 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
    PRC - [2007.08.09 11:03:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2007.08.09 10:45:36 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
    PRC - [2007.07.09 21:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007.07.05 15:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007.07.05 15:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007.07.05 15:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007.07.05 10:00:50 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2007.06.07 16:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2007.05.31 11:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
    PRC - [2007.04.26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2007.04.09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    PRC - [2007.03.28 18:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    PRC - [2007.03.14 22:18:22 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    PRC - [2007.03.13 09:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    PRC - [2007.03.09 06:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007.03.08 05:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2007.03.02 06:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2007.02.05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007.02.01 19:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
    PRC - [2007.01.08 20:12:28 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2007.01.08 20:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2007.01.08 20:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2007.01.08 20:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2007.01.08 19:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2007.01.08 18:42:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006.11.15 16:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006.11.07 11:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    PRC - [2006.11.03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006.09.06 08:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    MOD - [2010.12.31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007.09.28 16:29:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007.08.09 10:45:36 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007.06.07 16:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2007.05.31 11:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2007.03.02 06:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2007.02.05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2007.01.08 20:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2007.01.08 20:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2007.01.08 20:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2007.01.08 18:42:20 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2008.03.05 17:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008.01.19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2007.12.11 20:12:46 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2007.09.28 16:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007.09.28 16:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007.09.05 18:07:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
    DRV - [2007.08.08 12:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007.07.30 03:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007.07.30 02:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007.07.27 08:57:00 | 007,131,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007.07.24 05:34:36 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007.07.05 10:20:32 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007.06.08 01:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
    DRV - [2007.05.31 11:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2007.05.22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
    DRV - [2007.04.29 22:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007.03.29 19:46:00 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV - [2007.03.14 21:50:06 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007.03.13 16:13:52 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2007.03.13 16:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007.03.13 16:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007.03.13 16:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007.03.13 16:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007.03.13 16:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007.03.13 16:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007.03.13 16:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007.03.12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007.02.27 06:20:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007.02.27 06:20:00 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007.02.09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007.01.09 01:25:53 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006.12.22 03:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006.12.22 03:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006.12.22 03:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006.11.28 08:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006.11.06 09:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006.11.02 09:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006.11.02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
    DRV - [2006.09.05 19:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
    DRV - [2006.08.30 11:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.11 16:14:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.01 21:05:01 | 000,000,000 | ---D | M]

    [2009.07.05 15:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kurt\AppData\Roaming\mozilla\Extensions
    [2010.01.02 16:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kurt\AppData\Roaming\mozilla\Firefox\Profiles\po7rejq4.default\extensions
    [2009.09.21 14:50:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kurt\AppData\Roaming\mozilla\Firefox\Profiles\po7rejq4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009.07.05 15:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.12.11 16:14:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2009.12.11 16:14:52 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2009.12.11 16:14:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.12.11 16:14:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2009.12.11 16:14:52 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

    O1 HOSTS File: ([2011.01.07 16:26:14 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
    O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222444651 (Image Uploader Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{eefd8c47-eba7-11de-a60c-001e4cf567cb}\Shell - "" = AutoRun
    O33 - MountPoints2\{eefd8c47-eba7-11de-a60c-001e4cf567cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:3 /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\System32\aswBoot.exe (AVAST Software)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.01.09 17:52:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    [2011.01.09 17:28:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.09 17:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011.01.09 17:28:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.09 17:15:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Kurt\Desktop\TFC.exe
    [2011.01.09 16:55:43 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\backups
    [2011.01.09 14:30:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kurt\Desktop\HijackThis.exe
    [2011.01.09 13:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011.01.09 13:04:19 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
    [2011.01.09 13:04:18 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
    [2011.01.09 13:04:18 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
    [2011.01.09 13:03:38 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
    [2011.01.09 13:03:37 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2011.01.09 13:03:36 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2011.01.09 13:03:36 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011.01.09 13:03:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2011.01.09 13:03:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2011.01.09 13:03:35 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
    [2011.01.09 13:03:35 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    [2011.01.09 13:03:35 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
    [2011.01.09 13:03:35 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011.01.09 13:03:35 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2011.01.09 13:03:35 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2011.01.09 13:03:35 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011.01.09 13:03:35 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2011.01.09 13:03:35 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2011.01.09 13:03:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
    [2011.01.09 13:03:35 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2011.01.09 13:03:34 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011.01.09 13:03:34 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
    [2011.01.09 13:03:34 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2011.01.09 13:03:34 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2011.01.09 13:03:34 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
    [2011.01.09 13:03:34 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2011.01.09 13:03:34 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
    [2011.01.09 13:03:34 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2011.01.09 13:03:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2011.01.09 13:03:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
    [2011.01.09 13:02:56 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
    [2011.01.09 13:02:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
    [2011.01.09 13:02:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
    [2011.01.09 13:02:51 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2011.01.09 13:02:51 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2011.01.09 13:02:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
    [2011.01.09 13:02:51 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
    [2011.01.09 13:02:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2011.01.08 15:26:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
    [2011.01.08 15:26:41 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
    [2011.01.08 15:26:41 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
    [2011.01.08 15:26:41 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
    [2011.01.08 15:26:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
    [2011.01.08 15:26:41 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
    [2011.01.08 15:26:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
    [2011.01.08 15:26:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
    [2011.01.08 15:26:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
    [2011.01.08 15:26:40 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
    [2011.01.08 15:26:40 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
    [2011.01.08 15:26:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    [2011.01.08 15:26:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
    [2011.01.08 15:26:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
    [2011.01.08 15:26:39 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
    [2011.01.08 15:26:39 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
    [2011.01.08 15:26:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
    [2011.01.08 15:26:39 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
    [2011.01.08 15:26:38 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
    [2011.01.08 15:26:38 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
    [2011.01.08 15:26:38 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
    [2011.01.08 15:26:38 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
    [2011.01.08 15:26:38 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
    [2011.01.08 15:26:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
    [2011.01.08 15:26:37 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
    [2011.01.08 15:26:37 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
    [2011.01.08 15:26:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
    [2011.01.08 15:26:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
    [2011.01.08 15:26:36 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
    [2011.01.08 15:26:36 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
    [2011.01.08 15:26:35 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
    [2011.01.08 15:26:34 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
    [2011.01.08 15:26:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
    [2011.01.08 15:26:32 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
    [2011.01.08 15:26:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
    [2011.01.08 15:26:32 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
    [2011.01.08 15:26:32 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
    [2011.01.08 15:26:31 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
    [2011.01.08 15:26:31 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
    [2011.01.08 15:26:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
    [2011.01.08 15:26:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
    [2011.01.08 15:26:30 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
    [2011.01.08 15:26:30 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
    [2011.01.08 15:26:30 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
    [2011.01.08 15:26:30 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
    [2011.01.08 15:26:30 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2011.01.08 15:26:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2011.01.08 15:26:30 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
    [2011.01.08 15:26:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
    [2011.01.08 15:26:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
    [2011.01.08 15:26:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
    [2011.01.08 15:26:29 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
    [2011.01.08 15:26:29 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
    [2011.01.08 15:26:29 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
    [2011.01.08 15:26:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
    [2011.01.08 15:26:28 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
    [2011.01.08 15:26:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
    [2011.01.08 15:26:28 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
    [2011.01.08 15:26:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
    [2011.01.08 15:26:27 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
    [2011.01.08 15:26:27 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2011.01.08 15:26:27 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
    [2011.01.08 15:26:27 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
    [2011.01.08 15:26:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
    [2011.01.08 15:26:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2011.01.08 15:26:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
    [2011.01.08 15:26:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2011.01.08 15:26:26 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
    [2011.01.08 15:26:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
    [2011.01.08 15:26:25 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
    [2011.01.08 15:26:23 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
    [2011.01.08 15:26:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
    [2011.01.08 15:26:23 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
    [2011.01.08 15:26:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
    [2011.01.08 15:26:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
    [2011.01.08 15:26:23 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
    [2011.01.08 15:26:22 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
    [2011.01.08 15:26:22 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
    [2011.01.08 15:26:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
    [2011.01.08 15:26:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
    [2011.01.08 15:26:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
    [2011.01.08 15:26:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
    [2011.01.08 15:26:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
    [2011.01.08 15:26:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
    [2011.01.08 15:26:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
    [2011.01.08 15:26:21 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
    [2011.01.08 15:26:21 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
    [2011.01.08 15:26:21 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
    [2011.01.08 15:26:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
    [2011.01.08 15:26:21 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
    [2011.01.08 15:26:21 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
    [2011.01.08 15:26:20 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
    [2011.01.08 15:26:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
    [2011.01.08 15:26:20 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
    [2011.01.08 15:26:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
    [2011.01.08 15:26:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
    [2011.01.08 15:26:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
    [2011.01.08 15:26:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
    [2011.01.08 15:26:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
    [2011.01.08 15:26:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
    [2011.01.08 15:26:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
    [2011.01.08 15:26:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
    [2011.01.08 15:26:19 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
    [2011.01.08 15:26:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
    [2011.01.08 15:26:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
    [2011.01.08 15:26:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
    [2011.01.08 15:26:18 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
    [2011.01.08 15:26:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
    [2011.01.08 15:26:18 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
    [2011.01.08 15:26:17 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
    [2011.01.08 15:26:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
    [2011.01.08 15:26:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
    [2011.01.08 15:26:17 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
    [2011.01.08 15:26:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
    [2011.01.08 15:26:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
    [2011.01.08 15:26:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
    [2011.01.08 15:26:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
    [2011.01.08 15:26:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
    [2011.01.08 15:26:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
    [2011.01.08 15:26:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
    [2011.01.08 15:26:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
    [2011.01.08 15:26:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
    [2011.01.08 15:26:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
    [2011.01.08 15:26:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
    [2011.01.08 15:26:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
    [2011.01.08 15:26:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
    [2011.01.08 15:26:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
    [2011.01.08 15:26:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
    [2011.01.08 15:26:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
    [2011.01.08 15:26:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
    [2011.01.08 15:26:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2011.01.08 15:26:13 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
    [2011.01.08 15:26:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2011.01.08 15:26:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
    [2011.01.08 15:26:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
    [2011.01.08 15:26:11 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
    [2011.01.08 15:25:39 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
    [2011.01.08 15:25:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
    [2011.01.08 15:25:34 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
    [2011.01.08 15:25:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
    [2011.01.08 14:32:41 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2011.01.08 14:32:39 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011.01.08 14:32:38 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011.01.08 14:32:36 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
    [2011.01.08 14:32:23 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2011.01.08 14:32:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
    [2011.01.08 14:31:45 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2011.01.08 14:24:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011.01.08 14:24:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011.01.08 14:24:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011.01.08 14:24:19 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011.01.08 14:24:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011.01.08 14:24:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011.01.08 14:24:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2011.01.08 14:24:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011.01.08 14:24:18 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011.01.08 14:24:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011.01.08 14:24:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011.01.08 14:24:15 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011.01.08 14:24:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011.01.08 14:24:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011.01.08 14:24:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011.01.08 14:24:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011.01.08 14:24:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011.01.08 14:04:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2011.01.08 14:03:09 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011.01.08 14:03:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2011.01.08 14:02:56 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
    [2011.01.08 14:02:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011.01.08 14:02:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011.01.08 14:02:26 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
    [2011.01.08 14:02:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
    [2011.01.08 14:02:19 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
    [2011.01.08 14:02:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2011.01.08 14:02:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2011.01.08 14:01:59 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2011.01.08 14:01:59 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2011.01.08 14:00:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2011.01.08 13:55:12 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011.01.08 13:55:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011.01.08 13:55:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2011.01.08 13:51:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011.01.08 12:24:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011.01.08 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Local\Sunbelt Software
    [2011.01.08 11:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011.01.08 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011.01.07 18:19:33 | 000,000,000 | ---D | C] -- C:\PerfLogs
    [2011.01.07 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011.01.07 16:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011.01.07 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Roaming\Malwarebytes
    [2011.01.07 13:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011.01.07 13:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.06 21:28:45 | 000,293,968 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011.01.06 21:28:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011.01.06 21:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011.01.06 21:28:43 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011.01.06 21:28:41 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011.01.06 21:28:38 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011.01.06 21:27:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011.01.06 21:27:10 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011.01.06 21:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011.01.06 21:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011.01.06 12:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011.01.06 12:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011.01.06 12:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011.01.06 11:21:12 | 000,532,480 | ---- | C] (Lilia) -- C:\Users\Kurt\AppData\Local\gnngnnf.exe
    [2010.12.30 23:20:03 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Documents\Lisa
    [2010.12.28 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\Rose
    [2010.12.21 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\EVI 50

    ========== Files - Modified Within 30 Days ==========

    [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    [2011.01.09 17:49:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.09 17:49:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.09 17:28:09 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.09 17:26:24 | 000,696,234 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.09 17:26:24 | 000,651,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.09 17:26:24 | 000,154,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.09 17:26:24 | 000,125,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.09 17:21:48 | 000,164,880 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\nvModes.001
    [2011.01.09 17:20:23 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
    [2011.01.09 17:19:52 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
    [2011.01.09 17:19:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.09 17:19:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.09 17:19:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.09 17:19:38 | 2128,920,576 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.09 17:18:31 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011.01.09 17:15:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\TFC.exe
    [2011.01.09 16:55:40 | 000,003,142 | ---- | M] () -- C:\Users\Kurt\AppData\Local\gnngnnf_navps.dat
    [2011.01.09 16:54:54 | 000,003,305 | ---- | M] () -- C:\Users\Kurt\AppData\Local\gnngnnf.dat
    [2011.01.09 15:03:46 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job
    [2011.01.09 14:55:42 | 000,000,089 | ---- | M] () -- C:\Users\Kurt\AppData\Local\wiirtc.bat
    [2011.01.09 14:53:03 | 350,314,171 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011.01.09 14:38:22 | 000,296,448 | ---- | M] () -- C:\Users\Kurt\Desktop\73pcr0jw.exe
    [2011.01.09 14:34:39 | 000,624,128 | ---- | M] () -- C:\Users\Kurt\Desktop\dds.scr
    [2011.01.09 13:53:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011.01.09 13:52:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011.01.08 17:27:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.01.08 17:26:49 | 000,414,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011.01.08 17:20:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2011.01.08 17:19:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2011.01.08 16:14:57 | 000,002,631 | ---- | M] () -- C:\Users\Kurt\Desktop\Word.lnk
    [2011.01.08 12:24:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011.01.07 19:35:38 | 000,033,280 | ---- | M] () -- C:\Users\Kurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.01.07 18:02:29 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
    [2011.01.07 18:02:21 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
    [2011.01.07 16:55:00 | 000,001,067 | ---- | M] () -- C:\Users\Kurt\Desktop\Revo Uninstaller.lnk
    [2011.01.06 22:41:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kurt\Desktop\HijackThis.exe
    [2011.01.06 21:39:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011.01.06 21:28:45 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011.01.06 19:47:54 | 000,232,726 | ---- | M] () -- C:\Users\Kurt\AppData\Local\gnngnnf_nav.dat
    [2011.01.06 11:56:50 | 000,387,072 | ---- | M] () -- C:\Users\Kurt\Documents\22.doc
    [2011.01.06 11:21:12 | 000,532,480 | ---- | M] (Lilia) -- C:\Users\Kurt\AppData\Local\gnngnnf.exe
    [2011.01.03 10:52:33 | 000,000,009 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\mdb.bin
    [2011.01.03 01:54:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
    [2011.01.01 21:40:37 | 000,164,880 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\nvModes.dat
    [2011.01.01 21:05:01 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
    [2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010.12.22 16:42:01 | 000,667,648 | ---- | M] () -- C:\Users\Kurt\AppData\Local\dbavmj.exe
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011.01.09 17:28:09 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.09 14:43:43 | 350,314,171 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011.01.09 14:38:22 | 000,296,448 | ---- | C] () -- C:\Users\Kurt\Desktop\73pcr0jw.exe
    [2011.01.09 14:34:46 | 000,624,128 | ---- | C] () -- C:\Users\Kurt\Desktop\dds.scr
    [2011.01.09 13:53:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011.01.09 13:52:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011.01.08 17:20:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2011.01.08 17:19:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2011.01.08 15:46:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011.01.08 15:45:57 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
    [2011.01.08 15:27:48 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011.01.08 15:27:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
    [2011.01.08 15:27:36 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
    [2011.01.08 15:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011.01.08 15:27:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011.01.08 15:27:31 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
    [2011.01.08 15:27:26 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
    [2011.01.08 15:27:12 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2011.01.08 15:27:09 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
    [2011.01.08 15:26:21 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011.01.08 15:26:14 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
    [2011.01.08 15:26:07 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
    [2011.01.08 12:33:38 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.01.07 16:55:00 | 000,001,067 | ---- | C] () -- C:\Users\Kurt\Desktop\Revo Uninstaller.lnk
    [2011.01.06 21:28:45 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011.01.06 11:21:17 | 000,232,726 | ---- | C] () -- C:\Users\Kurt\AppData\Local\gnngnnf_nav.dat
    [2011.01.06 11:21:17 | 000,003,142 | ---- | C] () -- C:\Users\Kurt\AppData\Local\gnngnnf_navps.dat
    [2011.01.06 11:21:16 | 000,003,305 | ---- | C] () -- C:\Users\Kurt\AppData\Local\gnngnnf.dat
    [2010.12.22 16:42:01 | 000,667,648 | ---- | C] () -- C:\Users\Kurt\AppData\Local\dbavmj.exe
    [2010.08.28 02:04:42 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010.04.26 10:41:17 | 000,000,089 | ---- | C] () -- C:\Users\Kurt\AppData\Local\wiirtc.bat
    [2010.03.28 12:33:28 | 000,000,004 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
    [2009.07.11 17:58:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.07.11 17:57:32 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2009.04.07 12:27:44 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009.02.09 14:17:15 | 000,000,088 | ---- | C] () -- C:\Users\Kurt\AppData\Local\mkawvca.bat
    [2009.01.25 11:41:45 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009.01.25 11:41:45 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008.08.05 10:37:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008.06.02 19:13:34 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2008.05.26 16:50:34 | 000,000,009 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\mdb.bin
    [2008.05.05 14:23:44 | 000,033,280 | ---- | C] () -- C:\Users\Kurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008.04.06 18:08:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008.04.05 12:33:16 | 000,001,814 | ---- | C] () -- C:\Windows\hpdj5700.ini
    [2008.03.06 19:25:11 | 000,000,092 | ---- | C] () -- C:\Users\Kurt\AppData\Local\fusioncache.dat
    [2007.12.27 22:40:07 | 000,164,880 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\nvModes.001
    [2007.12.27 21:50:56 | 000,164,880 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\nvModes.dat
    [2007.12.27 21:22:32 | 000,001,356 | ---- | C] () -- C:\Users\Kurt\AppData\Local\d3d9caps.dat
    [2007.12.11 19:59:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007.12.11 19:59:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007.12.11 19:59:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007.12.11 19:59:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007.12.11 19:59:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007.12.11 19:59:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007.12.11 19:56:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2007.12.11 19:56:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2007.12.11 19:52:20 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2007.12.11 19:30:06 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
    [2007.08.15 08:51:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.08.03 14:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007.07.27 07:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
    [2007.07.27 07:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
    [2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.09.05 14:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
    [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009.12.28 17:16:24 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Canon
    [2009.11.14 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\gtk-2.0
    [2010.11.02 13:17:00 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\ICQ
    [2008.07.10 12:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\ICQ Toolbar
    [2009.04.12 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\IN-MEDIAKG
    [2008.03.29 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\InterTrust
    [2007.12.30 15:16:07 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\InterVideo
    [2007.12.27 21:27:15 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Lenovo
    [2008.03.06 19:25:31 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\T-Online
    [2009.01.06 09:43:03 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Uniblue
    [2009.05.15 10:26:18 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Windows Live Writer
    [2011.01.08 17:27:14 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011.01.09 17:18:32 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.09 15:03:46 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011.01.08 15:59:59 | 000,000,444 | ---- | M] () -- C:\aaw7boot.log
    [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006.11.10 04:01:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011.01.09 17:19:38 | 2128,920,576 | -HS- | M] () -- C:\hiberfil.sys
    [2009.09.04 11:34:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009.09.04 11:34:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011.01.09 17:19:36 | 2442,690,560 | -HS- | M] () -- C:\pagefile.sys
    [2007.12.11 19:33:30 | 000,000,086 | ---- | M] () -- C:\setup.log
    [2007.12.12 03:48:07 | 000,000,053 | ---- | M] () -- C:\syslevel.lgl
    [2008.03.06 21:48:46 | 000,000,152 | ---- | M] () -- C:\TO_InstallLog.txt
    [2007.12.11 20:22:56 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-09 12:04:54

    < End of report >
     
  7. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    OTL Extras logfile created on: 09.01.2011 17:59:42 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Kurt\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 179,62 Gb Total Space | 71,94 Gb Free Space | 40,05% Space Free | Partition Type: NTFS

    Computer Name: KURT-PC | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
    htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
    http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
    https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "UpdatesDisableNotify" = 0
    "FirstRunDisabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3596B59E-3270-4688-BE45-0DF3BC8C9D0A}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{44A6077B-0A60-4934-85A7-8B93195F0A5E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{51B818D0-11FC-4281-8FC0-916457831B18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5B7868E4-DFD9-4F22-9014-DF43C5C32907}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{61BCAF41-496E-46B3-9745-A275FB601384}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9A770EAE-4B10-4C95-A9F7-4EDD54CF1B8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{AD19A32B-F235-4E54-963F-D967868DB901}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AD982407-A791-4286-B38C-3399AB5E8A36}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CD4EEB0C-A112-41CB-9A63-27D816FCB2B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D5C412C5-0C1C-49B2-B458-0E418D39139F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F82F9A16-3BD1-48C9-9D48-067F860718F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{16D20BD2-C072-4258-AC82-54690A8B31AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{2B4A6165-989D-47B2-86BD-0195B8DD8E48}" = protocol=58 | dir=in | [email protected],-148 |
    "{2C0B2ED2-6051-46A6-8B49-541B869ECEF4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{31D01A25-93DA-4EF6-9030-CF7B6D0CA2BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{42117C09-0564-4FDD-A686-757D8B66E877}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{47691758-BF2E-4A48-A619-40917BEBBAB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{62C0B974-71E5-4927-B168-EEFBD2AA14BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{7701388A-C183-4035-ACAC-7A6E3F23A2AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E4B3A434-6CB0-48EC-8755-0FAFC327D2C3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E9C0CECB-7600-407C-AD5E-08000FECD4D4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{046BE5EF-2290-4140-A336-B15D6847D1A3}C:\users\kurt\bluetooth software\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\bluetooth software\icq6.5\icq.exe |
    "TCP Query User{6A984E02-31AB-41AB-964D-7A96C6674BAB}C:\users\kurt\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "TCP Query User{7A593854-C619-416F-AAF7-6C63FF43BADD}C:\users\kurt\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "TCP Query User{81DC0ACF-254B-4CA7-8CFA-78DAC52F8297}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{990186B6-DB8D-45FC-B6D2-D0683E0D7B4B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
    "TCP Query User{9DC59CDD-2909-4F67-AEC1-3C30D6EAF522}C:\users\kurt\bluetooth software\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\bluetooth software\icq6\icq.exe |
    "TCP Query User{A0655908-3008-4158-89AF-31CFD608AE5A}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
    "UDP Query User{083557F0-5DCB-477D-AA6F-A1B8FE91FDD1}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
    "UDP Query User{304B56C0-41B4-4CA9-A245-DBB67C5A8A4D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{3223E4B9-6390-42B3-9CB1-394A122BECC9}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
    "UDP Query User{AFE0A5A6-539E-4567-AD34-620060A072F3}C:\users\kurt\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "UDP Query User{B3179728-61BD-4589-9383-AE2A95833A16}C:\users\kurt\bluetooth software\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\bluetooth software\icq6\icq.exe |
    "UDP Query User{CF8F3991-E792-4BCA-8AE9-86898AA6F4EB}C:\users\kurt\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "UDP Query User{E40150CD-5DAD-4E68-89EE-8732AE68D50D}C:\users\kurt\bluetooth software\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\bluetooth software\icq6.5\icq.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
    "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
    "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
    "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
    "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
    "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
    "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
    "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
    "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
    "{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
    "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
    "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
    "1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
    "1B609D7E6D10BAF8F2B5CB6A0A89867EF7F61A3E" = Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
    "2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
    "33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
    "38884E3EBEF76FE8FCF8DF8349FE73E84B85632C" = Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
    "38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
    "4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
    "530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
    "5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
    "67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
    "778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
    "787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
    "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
    "avast5" = avast! Free Antivirus
    "AwayTask" = Maintenance Manager
    "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    "DPP" = Canon Utilities Digital Photo Professional 3.4
    "E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
    "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
    "EOS USB WIA Driver" = EOS USB WIA Driver
    "EOS Utility" = Canon Utilities EOS Utility
    "FotoWorks XL_is1" = FotoWorks XL
    "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
    "Google Chrome" = Google Chrome
    "Lenovo Registration" = Lenovo Registration
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MyCamera" = Canon Utilities MyCamera
    "NVIDIA Drivers" = NVIDIA Drivers
    "OnScreenDisplay" = Anzeige am Bildschirm
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "Power Management Driver" = ThinkPad Power Management Driver
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07.01.2011 12:43:25 | Computer Name = Kurt-PC | Source = VSS | ID = 12293
    Description =

    Error - 07.01.2011 12:43:27 | Computer Name = Kurt-PC | Source = VSS | ID = 8194
    Description =

    Error - 07.01.2011 13:22:27 | Computer Name = Kurt-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 07.01.2011 13:50:50 | Computer Name = Kurt-PC | Source = ESENT | ID = 215
    Description = WinMail (2840) WindowsMail0: The backup has been stopped because it
    was halted by the client or the connection with the client failed.

    Error - 08.01.2011 07:00:16 | Computer Name = Kurt-PC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 08.01.2011 11:08:08 | Computer Name = Kurt-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 08.01.2011 12:21:33 | Computer Name = Kurt-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 08.01.2011 12:24:22 | Computer Name = Kurt-PC | Source = RPC | ID = 10
    Description =

    Error - 08.01.2011 12:45:53 | Computer Name = Kurt-PC | Source = ESENT | ID = 215
    Description = WinMail (5972) WindowsMail0: The backup has been stopped because it
    was halted by the client or the connection with the client failed.

    Error - 09.01.2011 11:00:08 | Computer Name = Kurt-PC | Source = Perflib | ID = 1010
    Description =

    [ System Events ]
    Error - 09.01.2011 12:00:47 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:01:12 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:11:36 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 09.01.2011 12:16:45 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 09.01.2011 12:20:28 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 09.01.2011 12:22:16 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:22:25 | Computer Name = Kurt-PC | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 09.01.2011 12:22:44 | Computer Name = Kurt-PC | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 09.01.2011 12:22:46 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:23:30 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You've posted OTL Txt log twice and not posted Extras Txt log, can you post please
     
  9. rosepeter

    Really? Sorry about that, here it is. Thanks heaps for your help.

    OTL Extras logfile created on: 09.01.2011 17:59:42 - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Kurt\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 179,62 Gb Total Space | 71,94 Gb Free Space | 40,05% Space Free | Partition Type: NTFS

    Computer Name: KURT-PC | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
    htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG)
    http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
    https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "UpdatesDisableNotify" = 0
    "FirstRunDisabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3596B59E-3270-4688-BE45-0DF3BC8C9D0A}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{44A6077B-0A60-4934-85A7-8B93195F0A5E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{51B818D0-11FC-4281-8FC0-916457831B18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5B7868E4-DFD9-4F22-9014-DF43C5C32907}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{61BCAF41-496E-46B3-9745-A275FB601384}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9A770EAE-4B10-4C95-A9F7-4EDD54CF1B8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{AD19A32B-F235-4E54-963F-D967868DB901}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AD982407-A791-4286-B38C-3399AB5E8A36}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CD4EEB0C-A112-41CB-9A63-27D816FCB2B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D5C412C5-0C1C-49B2-B458-0E418D39139F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F82F9A16-3BD1-48C9-9D48-067F860718F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{16D20BD2-C072-4258-AC82-54690A8B31AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{2B4A6165-989D-47B2-86BD-0195B8DD8E48}" = protocol=58 | dir=in | [email protected],-148 |
    "{2C0B2ED2-6051-46A6-8B49-541B869ECEF4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{31D01A25-93DA-4EF6-9030-CF7B6D0CA2BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{42117C09-0564-4FDD-A686-757D8B66E877}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{47691758-BF2E-4A48-A619-40917BEBBAB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{62C0B974-71E5-4927-B168-EEFBD2AA14BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{7701388A-C183-4035-ACAC-7A6E3F23A2AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E4B3A434-6CB0-48EC-8755-0FAFC327D2C3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E9C0CECB-7600-407C-AD5E-08000FECD4D4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{046BE5EF-2290-4140-A336-B15D6847D1A3}C:\users\kurt\bluetooth software\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\bluetooth software\icq6.5\icq.exe |
    "TCP Query User{6A984E02-31AB-41AB-964D-7A96C6674BAB}C:\users\kurt\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "TCP Query User{7A593854-C619-416F-AAF7-6C63FF43BADD}C:\users\kurt\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "TCP Query User{81DC0ACF-254B-4CA7-8CFA-78DAC52F8297}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{990186B6-DB8D-45FC-B6D2-D0683E0D7B4B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
    "TCP Query User{9DC59CDD-2909-4F67-AEC1-3C30D6EAF522}C:\users\kurt\bluetooth software\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\kurt\bluetooth software\icq6\icq.exe |
    "TCP Query User{A0655908-3008-4158-89AF-31CFD608AE5A}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
    "UDP Query User{083557F0-5DCB-477D-AA6F-A1B8FE91FDD1}C:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\musicload\program\musicloadmanager.exe |
    "UDP Query User{304B56C0-41B4-4CA9-A245-DBB67C5A8A4D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{3223E4B9-6390-42B3-9CB1-394A122BECC9}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
    "UDP Query User{AFE0A5A6-539E-4567-AD34-620060A072F3}C:\users\kurt\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "UDP Query User{B3179728-61BD-4589-9383-AE2A95833A16}C:\users\kurt\bluetooth software\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\bluetooth software\icq6\icq.exe |
    "UDP Query User{CF8F3991-E792-4BCA-8AE9-86898AA6F4EB}C:\users\kurt\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\icq6\icq.exe |
    "UDP Query User{E40150CD-5DAD-4E68-89EE-8732AE68D50D}C:\users\kurt\bluetooth software\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\kurt\bluetooth software\icq6.5\icq.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
    "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
    "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
    "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
    "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
    "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
    "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
    "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
    "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
    "{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
    "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
    "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
    "1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
    "1B609D7E6D10BAF8F2B5CB6A0A89867EF7F61A3E" = Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
    "2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
    "33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
    "38884E3EBEF76FE8FCF8DF8349FE73E84B85632C" = Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
    "38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
    "4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
    "530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
    "5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
    "67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
    "778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
    "787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
    "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
    "avast5" = avast! Free Antivirus
    "AwayTask" = Maintenance Manager
    "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    "DPP" = Canon Utilities Digital Photo Professional 3.4
    "E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
    "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
    "EOS USB WIA Driver" = EOS USB WIA Driver
    "EOS Utility" = Canon Utilities EOS Utility
    "FotoWorks XL_is1" = FotoWorks XL
    "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
    "Google Chrome" = Google Chrome
    "Lenovo Registration" = Lenovo Registration
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MyCamera" = Canon Utilities MyCamera
    "NVIDIA Drivers" = NVIDIA Drivers
    "OnScreenDisplay" = Anzeige am Bildschirm
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "Power Management Driver" = ThinkPad Power Management Driver
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 07.01.2011 12:43:25 | Computer Name = Kurt-PC | Source = VSS | ID = 12293
    Description =

    Error - 07.01.2011 12:43:27 | Computer Name = Kurt-PC | Source = VSS | ID = 8194
    Description =

    Error - 07.01.2011 13:22:27 | Computer Name = Kurt-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 07.01.2011 13:50:50 | Computer Name = Kurt-PC | Source = ESENT | ID = 215
    Description = WinMail (2840) WindowsMail0: The backup has been stopped because it
    was halted by the client or the connection with the client failed.

    Error - 08.01.2011 07:00:16 | Computer Name = Kurt-PC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 08.01.2011 11:08:08 | Computer Name = Kurt-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 08.01.2011 12:21:33 | Computer Name = Kurt-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 08.01.2011 12:24:22 | Computer Name = Kurt-PC | Source = RPC | ID = 10
    Description =

    Error - 08.01.2011 12:45:53 | Computer Name = Kurt-PC | Source = ESENT | ID = 215
    Description = WinMail (5972) WindowsMail0: The backup has been stopped because it
    was halted by the client or the connection with the client failed.

    Error - 09.01.2011 11:00:08 | Computer Name = Kurt-PC | Source = Perflib | ID = 1010
    Description =

    [ System Events ]
    Error - 09.01.2011 12:00:47 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:01:12 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:11:36 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 09.01.2011 12:16:45 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 09.01.2011 12:20:28 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 09.01.2011 12:22:16 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:22:25 | Computer Name = Kurt-PC | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 09.01.2011 12:22:44 | Computer Name = Kurt-PC | Source = ipnathlp | ID = 31004
    Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
    may indicate that the system is low on virtual memory, or that the memory manager
    has encountered an internal error.

    Error - 09.01.2011 12:22:46 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 09.01.2011 12:23:30 | Computer Name = Kurt-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    HiYa Pete,

    Apologies my friend, you did post the Extras log, it's actually showing. Not sure why but when I asked you to post it definitely wasn't there, only two OTL Txt logs.....

    OK proceed as follows please :-

    Step 1

    Re-Run [IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
      :Services
      :Reg
      :Files
      ipconfig /flushdns /c
      C:\ProgramData\IObit
      C:\Program Files\IObit
      C:\ProgramData\Lavasoft
      C:\Program Files\Lavasoft
      C:\Users\Kurt\AppData\Local\gnngnnf_navps.dat
      C:\Users\Kurt\AppData\Local\gnngnnf.dat
      C:\Users\Kurt\AppData\Local\wiirtc.bat
      C:\Users\Kurt\AppData\Local\gnngnnf.exe
      C:\Users\Kurt\AppData\Local\dbavmj.exe
      C:\Windows\mgxoschk.ini
      C:\Users\Kurt\AppData\Local\mkawvca.bat
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    What I'd like in your reply :-

    • Log from OTL fix
    • Log from OTL Quick scan
    • Log from ESET
    • System update, any specific issues

    Kevin
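
One way to check that a fix run did what the script in the post above asked for, as an added example that is not part of the original post or of OTL itself: it compares the targets named in the script with the outcomes written to the fix log. The function names are hypothetical, both samples are constructed and shortened from the formats seen in this thread, and the "scheduled to be moved on reboot" line for dbavmj.exe is constructed to show the unconfirmed case.

```python
import re

# Constructed sample: a shortened fix script in the section layout used in this thread.
FIX_SCRIPT = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
:Files
ipconfig /flushdns /c
C:\ProgramData\IObit
C:\Users\Kurt\AppData\Local\gnngnnf.exe
C:\Users\Kurt\AppData\Local\dbavmj.exe
C:\Windows\mgxoschk.ini
:Commands
[resethosts]
"""

# Constructed sample: result lines in the wording the fix log uses.
# The IpInIp deletion and the mgxoschk.ini result are left out on purpose.
FIX_LOG = r"""
========== OTL ==========
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File C:\Windows\System32\Drivers\usbaapl.sys not found.
Service IpInIp stopped successfully!
========== FILES ==========
< ipconfig /flushdns /c >
C:\ProgramData\IObit\IObit Security 360 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Users\Kurt\AppData\Local\gnngnnf.exe moved successfully.
File move failed. C:\Users\Kurt\AppData\Local\dbavmj.exe scheduled to be moved on reboot.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
SERVICE_IN_SCRIPT = re.compile(r"--\s*\(([^)]+)\)\s*$")
SERVICE_DELETED = re.compile(r"^Service (.+?) deleted successfully!$")
LOG_PATTERNS = [
    ("pending_reboot", re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File (.+?) not found\.$")),
    ("removed", re.compile(r"^([A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
]

def parse_fix_script(text):
    """Split a fix script into {section_name: [lines]} keyed by its ':Section' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def requested_targets(sections):
    """Return (paths listed under :Files, service names listed under :OTL)."""
    paths = [ln for ln in sections.get("files", []) if DRIVE_PATH.match(ln)]
    hits = (SERVICE_IN_SCRIPT.search(ln) for ln in sections.get("otl", []))
    services = [m.group(1) for m in hits if m]
    return paths, services

def parse_fix_log(text):
    """Map each lower-cased path to its logged outcome and collect deleted services."""
    outcomes, deleted_services = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_DELETED.match(line)
        if m:
            deleted_services.add(m.group(1).lower())
            continue
        for status, pattern in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes[m.group(1).lower()] = status
                break
    return outcomes, deleted_services

def reconcile(script_text, log_text):
    """Report the logged outcome for every target the script asked to have removed."""
    paths, services = requested_targets(parse_fix_script(script_text))
    outcomes, deleted_services = parse_fix_log(log_text)
    # Windows paths are case-insensitive, so compare on the lower-cased form.
    report = {p: outcomes.get(p.lower(), "no_log_entry") for p in paths}
    for s in services:
        report["service:" + s] = "removed" if s.lower() in deleted_services else "no_log_entry"
    return report

def needs_attention(report):
    """Targets whose removal the log does not confirm; look for these in the next scan."""
    return sorted(t for t, status in report.items() if status != "removed")

if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:15} {target}")
```

Anything returned by `needs_attention` is worth looking for in the follow-up Quick Scan log before treating the machine as clean.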
     
  11. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hi Kevin,

    I am just running the ESET scan. I will post the results in the morning. Thanks heaps for all your help so far. I have already noticed the random popups have stopped. I hope the computer wasn't too infected but I'll change my passwords once all is solved to be safe.

    Pete
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK Pete, just post the logs when you're ready. Be aware that the ESET scan can take between one and several hours depending on the size of your system and the amount of data etc.

    Kevin.
     
  13. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hi Kevin,
    The computer seems to be running a lot better now; I haven't had any issues or random popups since completing your initial instructions. I have posted the logs below.


    All processes killed
    ========== OTL ==========
    Service USBAAPL stopped successfully!
    Service USBAAPL deleted successfully!
    File C:\Windows\System32\Drivers\usbaapl.sys not found.
    Service UIUSys stopped successfully!
    Service UIUSys deleted successfully!
    File C:\Windows\System32\DRIVERS\UIUSYS.SYS not found.
    Service NwlnkFwd stopped successfully!
    Service NwlnkFwd deleted successfully!
    File C:\Windows\System32\DRIVERS\nwlnkfwd.sys not found.
    Service NwlnkFlt stopped successfully!
    Service NwlnkFlt deleted successfully!
    File C:\Windows\System32\DRIVERS\nwlnkflt.sys not found.
    Service Lavasoft Kernexplorer stopped successfully!
    Service Lavasoft Kernexplorer deleted successfully!
    File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
    Service IpInIp stopped successfully!
    Service IpInIp deleted successfully!
    File C:\Windows\System32\DRIVERS\ipinip.sys not found.
    Service blbdrive stopped successfully!
    Service blbdrive deleted successfully!
    File C:\Windows\System32\drivers\blbdrive.sys not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kurt\Desktop\cmd.bat deleted successfully.
    C:\Users\Kurt\Desktop\cmd.txt deleted successfully.
    C:\ProgramData\IObit\IObit Security 360 folder moved successfully.
    C:\ProgramData\IObit folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Update\Language folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Update folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Quarantine Zone folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\log\Scan folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\log folder moved successfully.
    C:\Program Files\IObit\IObit Security 360\Downloaded folder moved successfully.
    C:\Program Files\IObit\IObit Security 360 folder moved successfully.
    C:\Program Files\IObit folder moved successfully.
    C:\ProgramData\Lavasoft\License folder moved successfully.
    C:\ProgramData\Lavasoft folder moved successfully.
    C:\Program Files\Lavasoft\Ad-Aware folder moved successfully.
    C:\Program Files\Lavasoft folder moved successfully.
    C:\Users\Kurt\AppData\Local\gnngnnf_navps.dat moved successfully.
    C:\Users\Kurt\AppData\Local\gnngnnf.dat moved successfully.
    C:\Users\Kurt\AppData\Local\wiirtc.bat moved successfully.
    C:\Users\Kurt\AppData\Local\gnngnnf.exe moved successfully.
    C:\Users\Kurt\AppData\Local\dbavmj.exe moved successfully.
    C:\Windows\mgxoschk.ini moved successfully.
    C:\Users\Kurt\AppData\Local\mkawvca.bat moved successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gemma
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kurt
    ->Temp folder emptied: 1312 bytes
    ->Temporary Internet Files folder emptied: 181210 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 41634634 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1163 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49632 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Gemma
    ->Flash cache emptied: 0 bytes

    User: Kurt
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.20.1 log created on 01092011_222715

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    OTL logfile created on: 09.01.2011 22:36:43 - Run 2
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Kurt\Desktop
    Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 179,62 Gb Total Space | 70,73 Gb Free Space | 39,38% Space Free | Partition Type: NTFS

    Computer Name: KURT-PC | User Name: Kurt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010.12.09 00:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2010.09.24 10:15:10 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008.04.08 16:49:18 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
    PRC - [2008.02.22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007.09.28 16:29:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
    PRC - [2007.09.28 13:28:40 | 000,181,544 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
    PRC - [2007.08.09 11:03:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2007.08.09 10:45:36 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
    PRC - [2007.07.09 21:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007.07.05 15:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007.07.05 15:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007.07.05 15:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007.07.05 10:00:50 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2007.06.07 16:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2007.05.31 11:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
    PRC - [2007.04.26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2007.04.09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    PRC - [2007.03.28 18:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    PRC - [2007.03.14 22:18:22 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    PRC - [2007.03.13 09:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
    PRC - [2007.03.09 06:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007.03.08 05:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2007.03.02 06:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2007.02.05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007.02.01 19:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
    PRC - [2007.01.08 20:12:28 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2007.01.08 20:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2007.01.08 20:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2007.01.08 20:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2007.01.08 19:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2007.01.08 18:42:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006.11.15 16:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006.11.07 11:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    PRC - [2006.11.03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006.09.06 08:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    MOD - [2010.12.31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007.09.28 16:29:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007.08.09 10:45:36 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007.06.07 16:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2007.05.31 11:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2007.03.02 06:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2007.02.05 23:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2007.01.08 20:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2007.01.08 20:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2007.01.08 20:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2007.01.08 18:42:20 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2008.03.05 17:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008.01.19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2007.12.11 20:12:46 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2007.09.28 16:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007.09.28 16:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007.09.05 18:07:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
    DRV - [2007.08.08 12:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007.07.30 03:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007.07.30 02:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007.07.27 08:57:00 | 007,131,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007.07.24 05:34:36 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007.07.05 10:20:32 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007.06.08 01:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
    DRV - [2007.05.31 11:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2007.05.22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
    DRV - [2007.04.29 22:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007.03.29 19:46:00 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007.03.14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV - [2007.03.14 21:50:06 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007.03.13 16:13:52 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2007.03.13 16:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007.03.13 16:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007.03.13 16:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007.03.13 16:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007.03.13 16:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007.03.13 16:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007.03.13 16:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007.03.12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007.02.27 06:20:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007.02.27 06:20:00 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007.02.09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007.02.08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007.02.08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007.01.09 01:25:53 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006.12.22 03:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006.12.22 03:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006.12.22 03:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006.11.28 08:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006.11.06 09:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006.11.02 09:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006.11.02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
    DRV - [2006.09.05 19:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
    DRV - [2006.08.30 11:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.11 16:14:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.01 21:05:01 | 000,000,000 | ---D | M]

    [2009.07.05 15:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kurt\AppData\Roaming\mozilla\Extensions
    [2010.01.02 16:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kurt\AppData\Roaming\mozilla\Firefox\Profiles\po7rejq4.default\extensions
    [2009.09.21 14:50:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kurt\AppData\Roaming\mozilla\Firefox\Profiles\po7rejq4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009.07.05 15:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009.12.11 16:14:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2009.12.11 16:14:52 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2009.12.11 16:14:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2009.12.11 16:14:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2009.12.11 16:14:52 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

    O1 HOSTS File: ([2011.01.09 22:27:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
    O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222444651 (Image Uploader Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{eefd8c47-eba7-11de-a60c-001e4cf567cb}\Shell - "" = AutoRun
    O33 - MountPoints2\{eefd8c47-eba7-11de-a60c-001e4cf567cb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.01.09 22:27:15 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.01.09 17:52:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    [2011.01.09 17:28:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.01.09 17:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011.01.09 17:28:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.01.09 17:15:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Kurt\Desktop\TFC.exe
    [2011.01.09 16:55:43 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\backups
    [2011.01.09 14:30:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kurt\Desktop\HijackThis.exe
    [2011.01.09 13:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011.01.08 17:22:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011.01.08 17:22:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011.01.08 17:21:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011.01.08 16:59:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011.01.08 12:24:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011.01.08 12:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Local\Sunbelt Software
    [2011.01.07 18:19:33 | 000,000,000 | ---D | C] -- C:\PerfLogs
    [2011.01.07 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011.01.07 16:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011.01.07 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Kurt\AppData\Roaming\Malwarebytes
    [2011.01.07 13:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011.01.07 13:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.01.06 21:28:45 | 000,293,968 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011.01.06 21:28:45 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011.01.06 21:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011.01.06 21:28:43 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011.01.06 21:28:41 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011.01.06 21:28:38 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011.01.06 21:27:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011.01.06 21:27:10 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011.01.06 21:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011.01.06 21:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011.01.06 12:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011.01.06 12:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011.01.06 12:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2010.12.30 23:20:03 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Documents\Lisa
    [2010.12.28 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\Rose
    [2010.12.21 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Kurt\Desktop\EVI 50

    ========== Files - Modified Within 30 Days ==========

    [2011.01.09 22:38:32 | 000,696,234 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2011.01.09 22:38:32 | 000,651,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.01.09 22:38:32 | 000,154,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2011.01.09 22:38:32 | 000,125,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.01.09 22:32:39 | 000,164,880 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\nvModes.001
    [2011.01.09 22:31:23 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
    [2011.01.09 22:31:23 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2011.01.09 22:31:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011.01.09 22:31:02 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
    [2011.01.09 22:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.01.09 22:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.01.09 22:30:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.01.09 22:30:20 | 2128,920,576 | -HS- | M] () -- C:\hiberfil.sys
    [2011.01.09 22:29:16 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011.01.09 22:27:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011.01.09 21:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011.01.09 20:04:02 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job
    [2011.01.09 20:03:56 | 000,002,631 | ---- | M] () -- C:\Users\Kurt\Desktop\Word.lnk
    [2011.01.09 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\OTL.exe
    [2011.01.09 17:28:09 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.09 17:15:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Kurt\Desktop\TFC.exe
    [2011.01.09 14:53:03 | 350,314,171 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011.01.09 14:38:22 | 000,296,448 | ---- | M] () -- C:\Users\Kurt\Desktop\73pcr0jw.exe
    [2011.01.09 14:34:39 | 000,624,128 | ---- | M] () -- C:\Users\Kurt\Desktop\dds.scr
    [2011.01.09 13:53:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011.01.09 13:52:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011.01.08 17:27:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.01.08 17:26:49 | 000,414,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011.01.08 17:20:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2011.01.08 17:19:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2011.01.08 12:24:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011.01.07 19:35:38 | 000,033,280 | ---- | M] () -- C:\Users\Kurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.01.07 18:02:29 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
    [2011.01.07 18:02:21 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
    [2011.01.07 16:55:00 | 000,001,067 | ---- | M] () -- C:\Users\Kurt\Desktop\Revo Uninstaller.lnk
    [2011.01.06 22:41:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kurt\Desktop\HijackThis.exe
    [2011.01.06 21:39:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011.01.06 21:28:45 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011.01.06 19:47:54 | 000,232,726 | ---- | M] () -- C:\Users\Kurt\AppData\Local\gnngnnf_nav.dat
    [2011.01.06 12:03:17 | 000,001,999 | ---- | M] () -- C:\Users\Kurt\Desktop\Google Chrome.lnk
    [2011.01.06 11:56:50 | 000,387,072 | ---- | M] () -- C:\Users\Kurt\Documents\22.doc
    [2011.01.03 10:52:33 | 000,000,009 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\mdb.bin
    [2011.01.03 01:54:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
    [2011.01.01 21:40:37 | 000,164,880 | ---- | M] () -- C:\Users\Kurt\AppData\Roaming\nvModes.dat
    [2011.01.01 21:05:01 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
    [2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010.12.31 20:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011.01.09 22:34:10 | 000,001,999 | ---- | C] () -- C:\Users\Kurt\Desktop\Google Chrome.lnk
    [2011.01.09 17:28:09 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011.01.09 14:43:43 | 350,314,171 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011.01.09 14:38:22 | 000,296,448 | ---- | C] () -- C:\Users\Kurt\Desktop\73pcr0jw.exe
    [2011.01.09 14:34:46 | 000,624,128 | ---- | C] () -- C:\Users\Kurt\Desktop\dds.scr
    [2011.01.09 13:53:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011.01.09 13:52:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011.01.08 17:20:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2011.01.08 17:19:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2011.01.08 15:46:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011.01.08 15:45:57 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
    [2011.01.08 15:27:48 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011.01.08 15:27:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
    [2011.01.08 15:27:36 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
    [2011.01.08 15:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011.01.08 15:27:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011.01.08 15:27:31 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
    [2011.01.08 15:27:26 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
    [2011.01.08 15:27:12 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2011.01.08 15:27:09 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
    [2011.01.08 15:26:21 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011.01.08 15:26:14 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
    [2011.01.08 15:26:07 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
    [2011.01.08 12:33:38 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011.01.07 16:55:00 | 000,001,067 | ---- | C] () -- C:\Users\Kurt\Desktop\Revo Uninstaller.lnk
    [2011.01.06 21:28:45 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011.01.06 11:21:17 | 000,232,726 | ---- | C] () -- C:\Users\Kurt\AppData\Local\gnngnnf_nav.dat
    [2010.08.28 02:04:42 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010.03.28 12:33:28 | 000,000,004 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
    [2009.07.11 17:58:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.04.07 12:27:44 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009.01.25 11:41:45 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009.01.25 11:41:45 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008.08.05 10:37:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008.06.02 19:13:34 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
    [2008.05.26 16:50:34 | 000,000,009 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\mdb.bin
    [2008.05.05 14:23:44 | 000,033,280 | ---- | C] () -- C:\Users\Kurt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008.04.06 18:08:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008.04.05 12:33:16 | 000,001,814 | ---- | C] () -- C:\Windows\hpdj5700.ini
    [2008.03.06 19:25:11 | 000,000,092 | ---- | C] () -- C:\Users\Kurt\AppData\Local\fusioncache.dat
    [2007.12.27 22:40:07 | 000,164,880 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\nvModes.001
    [2007.12.27 21:50:56 | 000,164,880 | ---- | C] () -- C:\Users\Kurt\AppData\Roaming\nvModes.dat
    [2007.12.27 21:22:32 | 000,001,356 | ---- | C] () -- C:\Users\Kurt\AppData\Local\d3d9caps.dat
    [2007.12.11 19:59:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007.12.11 19:59:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007.12.11 19:59:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007.12.11 19:59:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007.12.11 19:59:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007.12.11 19:59:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007.12.11 19:56:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2007.12.11 19:56:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2007.12.11 19:52:20 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2007.12.11 19:30:06 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
    [2007.08.15 08:51:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007.08.03 14:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007.07.27 07:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
    [2007.07.27 07:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
    [2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.09.05 14:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
    [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009.12.28 17:16:24 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Canon
    [2009.11.14 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\gtk-2.0
    [2010.11.02 13:17:00 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\ICQ
    [2008.07.10 12:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\ICQ Toolbar
    [2009.04.12 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\IN-MEDIAKG
    [2008.03.29 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\InterTrust
    [2007.12.30 15:16:07 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\InterVideo
    [2007.12.27 21:27:15 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Lenovo
    [2008.03.06 19:25:31 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\T-Online
    [2009.01.06 09:43:03 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Uniblue
    [2009.05.15 10:26:18 | 000,000,000 | ---D | M] -- C:\Users\Kurt\AppData\Roaming\Windows Live Writer
    [2011.01.08 17:27:14 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011.01.09 22:29:18 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011.01.09 20:04:02 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job

    ========== Purity Check ==========



    < End of report >



    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=c0aadb49686bb44d975a4dc8a6bbbce6
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-09 11:27:47
    # local_time=2011-01-10 12:27:47 (+0100, W. Europe Standard Time)
    # country="Germany"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=768 16777215 100 0 268180 268180 0 0
    # compatibility_mode=5892 16776573 100 100 109957 132143028 0 0
    # compatibility_mode=8192 67108863 100 0 4178 4178 0 0
    # scanned=189037
    # found=0
    # cleaned=0
    # scan_time=5494
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Pete,

    Logs are clean, proceed as follows please :-

    Step 1

    • Re-open OTL to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Step 2

    Remove the ESET Online Scanner components from your computer: start the Uninstall a Program applet via Start > Control Panel, select the ESET Online Scanner entry and click Uninstall. This will happen very quickly; only re-boot if requested.

    Whilst in Uninstall a Program also remove the following :-

    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Adobe Reader 8.2.5 - Deutsch


    Step 3

    You were using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008. If using a 64-bit OS, select Information about the 64-bit Java plug-in and follow the prompts.
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Step 4

    Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

    Please go to the link below to update.

    Adobe Reader. Untick the Free McAfee® Security Scan Plus (optional) unless you want it.

    I only have a link to the English version; if you want the Deutsch version you'll have to check at the site.

    Step 5

    I see you have CCleaner installed; make sure it is updated, then run the cleaner section.

    Let me know if the above steps completed OK, also if any remaining issues.

    Kevin
     
  15. rosepeter

    rosepeter Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    10
    Hi Kevin,

    Thank you so much, your help is very much appreciated. I will run through your final instructions once I'm back from a holiday on Saturday.

    Thanks heaps...Pete
     

Short URL to this thread: https://techguy.org/973580
