Alright, here is OTViewIT.txt:
OTViewIt logfile created on: 11/26/2008 1:00:40 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\HJT
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16643)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 99.13% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.33 Gb Total Space | 21.80 Gb Free Space | 21.10% Space Free | Partition Type: NTFS
Drive D: | 8.46 Gb Total Space | 1.70 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDOH
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2006/11/02 01:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 01:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/12/04 20:34:11 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/02/07 06:30:00 | 00,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
[2006/11/02 01:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/07/20 16:45:06 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/03/11 03:21:50 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2006/11/02 01:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2006/12/20 12:27:40 | 00,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/09/10 12:00:00 | 00,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
[2007/01/29 11:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/04/23 17:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
[2006/11/02 01:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2006/09/08 07:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
[2006/12/20 12:27:38 | 01,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
[2008/07/20 16:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2006/11/02 04:36:21 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
[2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/11/02 04:35:27 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqsvc.exe
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[2006/11/02 01:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2006/11/02 04:35:25 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmp.exe
[2006/11/02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2006/05/02 13:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[2006/12/04 16:13:16 | 00,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
[2006/11/02 01:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2007/04/23 17:11:44 | 00,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 01:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/02/20 20:43:03 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/03/14 11:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
[2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
[2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
[2006/11/02 01:44:59 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2006/11/02 00:31:57 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chcp.com
[2008/11/26 01:00:14 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\HJT\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/10/26 16:46:29 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2007/04/23 17:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
[2007/10/26 16:46:36 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/23 17:11:44 | 00,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 04:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/12/04 20:41:32 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 04:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 04:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/10/28 12:51:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/26 16:46:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/03/14 11:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2006/05/02 13:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2008/07/20 16:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 04:36:21 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/11/02 05:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 04:35:27 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqsvc.exe -- (MSMQ [On_Demand | Running])
[2006/11/02 04:35:28 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mqtgsvc.exe -- (MSMQTriggers [On_Demand | Stopped])
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetMsmqActivator [Auto | Running])
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetPipeActivator [Auto | Running])
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpActivator [Auto | Running])
[2007/10/26 16:46:15 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [On_Demand | Running])
[2007/02/12 08:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/02 01:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2006/11/02 01:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Running])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2006/11/02 01:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp [Auto | Running])
[2007/12/04 20:34:11 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:35:25 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmp.exe -- (SNMP [Auto | Running])
[2006/11/02 01:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/02/17 06:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2006/12/04 16:13:16 | 00,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI [Auto | Running])
[2006/11/02 01:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 01:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 04:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/02 04:36:24 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc [On_Demand | Stopped])
[2006/11/02 04:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])
========== Driver Services ==========
[2006/11/02 01:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 01:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 01:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 01:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 01:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 01:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 01:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 00:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2007/04/18 04:03:26 | 00,141,312 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 01:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/03/28 08:44:22 | 00,140,424 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV [On_Demand | Running])
[2006/11/01 23:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Stopped])
[2006/11/02 00:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 00:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 00:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 00:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 00:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 00:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2007/07/29 04:01:53 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2006/11/02 00:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 00:55:27 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2007/07/29 04:01:53 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2007/07/29 04:01:53 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2007/01/02 02:45:30 | 00,078,128 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Running])
[2007/01/02 02:45:30 | 00,080,688 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Running])
[2007/01/02 02:45:30 | 00,016,560 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Running])
[2006/11/02 00:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/02/17 10:55:20 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 01:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/03/04 01:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService [On_Demand | Running])
[2006/11/02 01:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 00:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 00:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2007/12/04 20:41:32 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/01 23:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/11/01 23:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/30 09:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2006/11/02 04:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 01:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 01:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 00:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/06/28 08:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2007/08/01 07:42:32 | 00,164,864 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/12/04 20:32:29 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 00:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 00:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/01 23:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2007/06/20 03:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/06/20 03:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006/10/18 18:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2008/07/20 16:44:44 | 00,324,120 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 01:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 00:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 01:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 01:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 01:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/02/17 10:55:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/11/02 00:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 01:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 01:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 01:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 00:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/06/19 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 01:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2007/12/16 01:56:45 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 01:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/12/04 20:37:05 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:35:27 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
[2006/11/02 01:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 00:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2007/12/16 06:36:55 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 01:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 01:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007/07/29 04:01:42 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 01:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/02/17 10:52:47 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2007/09/26 13:12:22 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Stopped])
[2008/06/26 05:30:50 | 03,662,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
[2006/11/02 01:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/11/09 12:07:55 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])
[2006/11/02 00:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/01 23:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/09/19 19:05:00 | 07,626,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 01:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 01:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 01:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2007/12/04 20:41:33 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/02/02 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 01:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 04:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 01:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 00:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2007/02/24 06:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/01/23 08:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/03/21 14:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2006/11/02 00:57:12 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST [Auto | Running])
[2006/11/02 00:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 01:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2007/12/04 20:34:23 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/01 22:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/02/17 10:55:17 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 00:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 00:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 00:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 01:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 01:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 01:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 00:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 01:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/12/16 06:36:55 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2007/12/16 06:36:55 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/04/10 11:03:46 | 00,072,576 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swmx02.sys -- (SWMX02 [On_Demand | Running])
[2006/11/02 01:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 01:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 01:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 00:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 00:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 01:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2007/12/04 20:37:04 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/12/04 20:37:04 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 01:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 01:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 01:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 01:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 01:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 00:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 00:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 00:55:20 | 00,132,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2006/11/02 00:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 00:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 01:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2007/07/29 04:01:42 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 01:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 01:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 00:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 01:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/02/17 10:55:18 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2007/06/20 03:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2007/12/04 20:40:37 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2006/11/02 00:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/07/10 06:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2007/12/06 09:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])
[color=orange]========== (R ) Internet Explorer ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
"Default_Search_URL"=https://www.google.com/ie
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=https://www.google.com
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.google.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.google.com
"Start Page"=https://www.google.com
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.google.com
"Start Page"=https://www.google.com
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[color=orange]========== (O1) Hosts File ==========[/color]
HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
[color=orange]========== (O2) BHO's ==========[/color]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[color=orange]========== (O3) Toolbars ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[color=orange]========== (O4) Run Keys ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"CognizanceTS"=rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule (Cognizance Corporation)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
[color=orange]========== (O4) RunOnce Keys ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)
[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ForceClassicControlPanel"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"DisableRegistryTools"=0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=1
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=1
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ForceClassicControlPanel"=1
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"DisableRegistryTools"=0
[color=orange]========== (O8) IE Context Menu Extensions ==========[/color]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/07/17 05:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)
[color=orange]========== (O9) IE Extensions ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 19:28:50 | 00,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 19:28:50 | 00,005,601 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008/06/25 21:21:58 | 00,656,696 | ---- | M] (BitComet)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = https://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
[color=orange]========== (O13) Default Prefixes ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=https://
[color=orange]========== (O15) Trusted Sites ==========[/color]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |
[color=orange]========== (O16) DPF ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: https://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab -- QuickTime Object
{0CC52A09-A146-4AC4-85E5-B9A575CA8196}: https://www.ace-onlines.com/Downloads/pc_info.cab -- GameStart Class
{166B1BCA-3F9C-11CF-8075-444553540000}: https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: https://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{1E54D648-B804-468d-BC78-4AFFED8E262E}: https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab -- System Requirements Lab Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{49232000-16E4-426C-A231-62846947304B}: https://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab -- SysData Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab -- Reg Error: Key does not exist or could not be opened.
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: https://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab -- HpProductDetection Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}: https://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab -- GMNRev Class
{745395C8-D0E1-4227-8586-624CA9A10A8D}: https://148.213.21.243/activex/AMC.cab -- AxisMediaControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: https://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: https://212.181.20.125/activex/AxisCamControl.cab -- CamImage Class
{9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC}: https://www.ace-onlines.com/game/WebLauncher.cab -- WebLauncher Control
{AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180}: https://config.hyosungcdn.com/download/p3xset.cab -- P3Xfer Loader Class
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: https://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: https://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: https://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: https://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: https://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe -- Virtools WebPlayer Class
{DE625294-70E6-45ED-B895-CFFA13AEB044}: https://144.75.185.75/activex/AMC.cab -- AxisMediaControlEmb Class
[color=orange]========== (O17) DNS Name Servers ==========[/color]
{23629678-DAB3-429E-A59D-A97C2573C234} (Servers: | Description: )
{34BC7A63-769D-4093-832A-4C94535BFFB0} (Servers: | Description: Intel(R) Wireless WiFi Link 4965AGN)
{D3829BB6-81D1-4BE9-BE17-96E946BA34E2} (Servers: | Description: Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller)
[color=orange]========== HKLM *SecurityProviders* ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 01:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
[color=orange]========== LSA *Security Packages* ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 01:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
[color=orange]========== Safeboot Options ==========[/color]
"AlternateShell"=cmd.exe
[color=orange]========== CDRom AutoRun Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
[color=orange]========== Autorun Files on Drives ==========[/color]
autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/07/29 03:52:58 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]
AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ]
[2005/09/11 07:18:54 | 00,000,340 | -HS- | M] () -- D:\AUTOMODE -- [ NTFS ]
[color=orange]========== MountPoints2 ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b42c1d9b-aa88-11dc-ad18-001e37674a57}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2007/12/04 20:32:48 | 11,315,200 | ---- | M] (Microsoft Corporation)
[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
[1 C:\Windows\*.tmp files]
[2008/11/25 21:04:16 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2008/11/25 21:04:12 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2008/11/25 17:58:41 | 00,081,267 | ---- | C] () -- C:\Users\Andy\Documents\Reading list.pdf
[2008/11/25 06:19:28 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/11/25 01:32:40 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2008/11/25 01:29:24 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/11/25 01:29:24 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/25 01:29:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/11/25 01:29:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/11/25 01:29:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/24 16:36:36 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\__MACOSX
[2008/11/24 16:33:58 | 00,920,301 | ---- | C] () -- C:\Users\Andy\Desktop\Combofix Guide.webarchive
[2008/11/24 07:27:13 | 32,195,13344 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/24 05:56:28 | 03,052,195 | ---- | C] () -- C:\Users\Andy\Desktop\ComboFix.exe
[2008/11/23 21:42:33 | 00,000,000 | ---D | C] -- C:\HJT
[2008/11/23 21:25:45 | 21,724,2286 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2008/11/23 20:51:41 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2008/11/23 20:40:23 | 00,001,670 | ---- | C] () -- C:\Users\Andy\Desktop\CCleaner.lnk
[2008/11/23 20:40:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/23 20:39:13 | 00,000,000 | ---- | C] () -- C:\Users\Andy\Desktop\MalwarebytesAM.exe
[2008/11/23 20:39:13 | 00,000,000 | ---- | C] () -- C:\Users\Andy\Desktop\hjt.exe
[2008/11/23 20:39:12 | 00,000,000 | R--D | C] -- C:\Users\Andy\Desktop\FIX
[2008/11/23 20:28:21 | 00,010,021 | ---- | C] () -- C:\Users\Andy\Documents\Prompt2.odt
[2008/11/23 20:28:11 | 00,012,268 | ---- | C] () -- C:\Users\Andy\Documents\Promt1.odt
[2008/11/23 17:51:03 | 00,012,268 | ---- | C] () -- C:\Users\Andy\Documents\applications.odt
[2008/11/23 02:36:11 | 00,276,315 | ---- | C] () -- C:\Users\Andy\Desktop\Tin Star.zst
[2008/11/23 02:13:53 | 00,002,048 | ---- | C] () -- C:\Users\Andy\Desktop\Tin Star.srm
[2008/11/23 02:11:59 | 01,121,807 | ---- | C] () -- C:\Users\Andy\Desktop\Tin_Star.zip
[2008/11/23 02:09:46 | 00,867,785 | ---- | C] () -- C:\Users\Andy\Desktop\zsnesw151.zip
[2008/11/22 17:12:58 | 00,000,004 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\iexplore.iss
[2008/11/22 13:45:43 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Virtools
[2008/11/22 13:45:32 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2008/11/22 13:45:27 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2008/11/22 13:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\Virtools
[2008/11/21 09:37:26 | 01,069,325 | ---- | C] () -- C:\Users\Andy\Documents\my senior pic possibilities 006.JPG
[2008/11/20 20:37:58 | 00,059,691 | ---- | C] () -- C:\Users\Andy\Desktop\johnwithbuddies.jpg
[2008/11/20 00:08:55 | 00,000,527 | ---- | C] () -- C:\Windows\System32\TDSSwows.dat
[2008/11/19 21:03:01 | 01,780,251 | ---- | C] () -- C:\Users\Andy\Desktop\WordUnscrambler.zip
[2008/11/19 20:57:32 | 00,224,773 | ---- | C] () -- C:\Users\Andy\Desktop\word-unscrambler-program.zip
[2008/11/17 23:25:26 | 00,088,064 | ---- | C] () -- C:\Users\Andy\Documents\JournalREport.doc
[2008/11/17 23:17:04 | 00,115,712 | ---- | C] () -- C:\Users\Andy\Documents\Biology Report.doc
[2008/11/17 17:57:22 | 01,255,424 | ---- | C] () -- C:\Users\Andy\Desktop\PFS_Mentor_Tri_(2).pub
[2008/11/17 05:48:34 | 00,018,497 | ---- | C] () -- C:\Users\Andy\Documents\andy.odt
[2008/11/17 00:37:11 | 00,059,392 | ---- | C] () -- C:\Users\Andy\Desktop\Exam2 Excel.xls
[2008/11/17 00:37:08 | 00,060,928 | ---- | C] () -- C:\Users\Andy\Desktop\Exam2 Excel.ods
[2008/11/16 18:52:18 | 02,959,184 | ---- | C] () -- C:\Users\Andy\Documents\Exam2Study.odt
[2008/11/16 17:33:59 | 05,507,584 | ---- | C] () -- C:\Users\Andy\Desktop\Slides_for_Exam_2.doc
[2008/11/16 12:16:05 | 04,469,230 | ---- | C] () -- C:\Users\Andy\Desktop\Lab Manual.pdf
[2008/11/16 10:05:29 | 00,086,000 | ---- | C] () -- C:\Users\Andy\Desktop\Exam2Bold.pdf
[2008/11/16 10:05:01 | 00,083,380 | ---- | C] () -- C:\Users\Andy\Desktop\Exam2.pdf
[2008/11/12 23:39:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/11/12 23:39:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2008/11/12 23:38:51 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Apple
[2008/11/12 23:38:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2008/11/12 23:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/10 15:17:11 | 04,264,448 | ---- | C] () -- C:\Users\Andy\Documents\Exam2 Slide.odt
[2008/11/09 12:19:48 | 00,064,512 | ---- | C] () -- C:\Users\Andy\Documents\Money Calculator.xls
[2008/11/09 12:19:42 | 00,064,512 | ---- | C] () -- C:\Users\Andy\Documents\Money Calculator.ods
[2008/11/09 12:07:55 | 00,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2008/11/09 12:04:16 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\DS game
[2008/11/09 10:17:22 | 00,155,156 | ---- | C] () -- C:\Users\Andy\Documents\no$gba-w_2.5c.zip
[2008/11/09 01:14:11 | 00,007,603 | ---- | C] () -- C:\Users\Andy\Documents\Gentics Grade Calculator.ods
[2008/11/08 19:04:42 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\LimeWire
[2008/11/08 19:04:02 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\LimeWire
[2008/11/08 19:03:21 | 00,001,710 | ---- | C] () -- C:\Users\Andy\Desktop\LimeWire PRO 4.18.8.lnk
[2008/11/08 19:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2008/11/08 18:53:25 | 07,336,328 | ---- | C] (Lime Wire LLC) -- C:\Users\Andy\Documents\LimeWireWin.exe
[2008/11/08 16:54:08 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Chem 220 Solution Manual
[2008/11/08 16:53:34 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\__MACOSX
[2008/11/08 16:29:21 | 61,433,984 | ---- | C] () -- C:\Users\Andy\Documents\Archive.zip
[2008/11/08 11:02:46 | 00,032,169 | ---- | C] () -- C:\Users\Andy\Documents\igetc3.pdf
[2008/11/06 21:26:29 | 00,009,859 | ---- | C] () -- C:\Users\Andy\Documents\julie gpa.ods
[2008/11/06 14:50:03 | 00,011,284 | ---- | C] () -- C:\Users\Andy\Documents\Spring & Interession Schedule.ods
[2008/11/06 14:01:20 | 00,009,895 | ---- | C] () -- C:\Users\Andy\Documents\GPA Calculator.ods
[2008/11/05 21:15:50 | 00,001,854 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2008/11/05 21:15:25 | 00,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2008/11/05 21:05:25 | 14,665,056 | ---- | C] () -- C:\Users\Andy\Documents\winzip120.exe
[2008/11/05 15:03:21 | 00,098,758 | ---- | C] () -- C:\Users\Andy\Documents\wtf.pdf
[2008/11/05 15:02:00 | 00,098,758 | ---- | C] () -- C:\Users\Andy\Documents\blah68!cccd-node0.blackboard.pdf
[2008/11/05 15:01:18 | 00,098,758 | ---- | C] () -- C:\Users\Andy\Documents\RelativeResourceManager;JSESSIONID=TnJxJSlMY2sRGTQThqQVF9VbGmcGfT9Jz1cpTjwFcGDFpfv6ggNL!-1061153450!cccd-node2.blackboard.com!80!443!-2100299268!cccd-node0.blackboard.pdf
[2008/11/05 13:41:45 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Installer1060
[2008/11/05 13:41:12 | 00,064,632 | ---- | C] () -- C:\Users\Andy\Documents\Winzip_12.rar
[2008/11/04 22:50:51 | 00,126,877 | ---- | C] () -- C:\Users\Andy\Documents\Graph for journal.odt
[2008/11/04 01:14:52 | 00,000,000 | ---D | C] -- C:\Users\Andy\Documents\genetics
[2008/11/04 01:12:47 | 06,790,480 | ---- | C] () -- C:\Users\Andy\Documents\Genetics.zip
[2008/10/31 07:21:13 | 00,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Camfrog
[2008/10/31 06:06:45 | 05,534,554 | ---- | C] () -- C:\Users\Andy\Desktop\Prepaid.Card.Gen.AIO.2k8.cRs_MP.rar
[2008/10/30 16:32:13 | 00,031,492 | ---- | C] () -- C:\Users\Andy\Desktop\CCGen___2008_by_DCT.ShaDoW_V.1.2(2).rar
[2008/10/29 09:19:27 | 00,000,950 | ---- | C] () -- C:\Users\Andy\Desktop\Adobe Flash CS3 Professional.lnk
[2008/10/29 05:34:09 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Flash Stuff
[2008/10/29 04:51:37 | 00,088,064 | ---- | C] () -- C:\Users\Andy\Documents\Biology 185 Project 1.doc
[2008/10/29 04:51:33 | 00,086,528 | ---- | C] () -- C:\Users\Andy\Documents\Biology 185 Project 1.odt
[2008/10/29 01:31:37 | 00,093,696 | ---- | C] () -- C:\Users\Andy\Documents\List.doc
[2008/10/29 01:30:40 | 00,087,040 | ---- | C] () -- C:\Users\Andy\Documents\List.odt
[2008/10/28 23:56:59 | 00,077,824 | ---- | C] () -- C:\Users\Andy\Documents\aaaaaaa.doc
[2008/10/28 23:56:45 | 00,077,824 | ---- | C] () -- C:\Users\Andy\Documents\Biology Report111.doc
[2008/10/28 23:55:23 | 00,077,824 | ---- | C] () -- C:\Users\Andy\Documents\Biology Report111.odt
[2008/10/28 23:07:03 | 00,012,500 | ---- | C] () -- C:\Users\Andy\Documents\Biology Report 2.odt
[2008/10/28 23:06:56 | 00,018,515 | ---- | C] () -- C:\Users\Andy\Documents\Biology Report.odt
[2008/10/28 19:20:35 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Andreww too coool
[2008/10/28 13:04:27 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2008/10/28 13:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2008/10/28 13:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/10/28 12:59:50 | 00,076,100 | ---- | C] () -- C:\Users\Andy\Documents\Flash-TheDonSlam.rar
[2008/10/28 12:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2008/10/28 12:48:59 | 00,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Flash Professional
[2008/10/28 12:39:21 | 00,034,861 | ---- | C] () -- C:\Users\Andy\Documents\bio 185 project 1.pdf
[2008/10/28 12:33:33 | 00,034,861 | ---- | C] () -- C:\Users\Andy\Documents\RelativeResourceManager;JSESSIONID=MP55JH2J9snr6sXnRgqzWkBG3Jpm7qcQM5JGSPP44lv9xyMFyS0l!486519366!cccd-node1.blackboard.com!80!443!1140168567!cccd-node2.blackboard.pdf
[2008/10/27 05:51:47 | 02,040,558 | ---- | C] () -- C:\Users\Andy\Documents\28_textbook_answers.zip
[2008/10/27 05:10:13 | 04,126,647 | ---- | C] () -- C:\Users\Andy\Documents\38_textbook_answers.zip
[2008/10/27 05:04:40 | 05,068,216 | ---- | C] () -- C:\Users\Andy\Documents\37_textbook_answers.zip
[2008/10/27 04:58:20 | 03,635,777 | ---- | C] () -- C:\Users\Andy\Documents\43_textbook_answers.zip
[color=orange]========== Files - Modified Within 30 Days ==========[/color]
[1 C:\Windows\*.tmp files]
[2008/11/26 00:22:50 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/11/26 00:22:50 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/11/25 21:04:16 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2008/11/25 19:29:59 | 00,875,966 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/11/25 19:29:59 | 00,739,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/11/25 19:29:59 | 00,138,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/11/25 19:23:39 | 00,094,920 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\nvModes.001
[2008/11/25 19:22:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/11/25 19:22:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/11/25 19:22:38 | 32,195,13344 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/25 19:21:28 | 00,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/11/25 19:21:25 | 02,297,218 | -H-- | M] () -- C:\Users\Andy\AppData\Local\IconCache.db
[2008/11/25 17:58:41 | 00,081,267 | ---- | M] () -- C:\Users\Andy\Documents\Reading list.pdf
[2008/11/25 01:29:24 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/24 19:29:31 | 00,000,004 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\iexplore.iss
[2008/11/24 16:33:58 | 00,920,301 | ---- | M] () -- C:\Users\Andy\Desktop\Combofix Guide.webarchive
[2008/11/24 07:28:15 | 21,724,2286 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2008/11/24 05:56:28 | 03,052,195 | ---- | M] () -- C:\Users\Andy\Desktop\ComboFix.exe
[2008/11/24 01:03:06 | 00,010,021 | ---- | M] () -- C:\Users\Andy\Documents\Prompt2.odt
[2008/11/23 20:40:23 | 00,001,670 | ---- | M] () -- C:\Users\Andy\Desktop\CCleaner.lnk
[2008/11/23 20:39:13 | 00,000,000 | ---- | M] () -- C:\Users\Andy\Desktop\MalwarebytesAM.exe
[2008/11/23 20:39:13 | 00,000,000 | ---- | M] () -- C:\Users\Andy\Desktop\hjt.exe
[2008/11/23 20:28:11 | 00,012,268 | ---- | M] () -- C:\Users\Andy\Documents\Promt1.odt
[2008/11/23 20:27:53 | 00,012,268 | ---- | M] () -- C:\Users\Andy\Documents\applications.odt
[2008/11/23 02:36:12 | 00,002,048 | ---- | M] () -- C:\Users\Andy\Desktop\Tin Star.srm
[2008/11/23 02:36:11 | 00,276,315 | ---- | M] () -- C:\Users\Andy\Desktop\Tin Star.zst
[2008/11/23 02:12:13 | 01,121,807 | ---- | M] () -- C:\Users\Andy\Desktop\Tin_Star.zip
[2008/11/23 02:10:02 | 00,867,785 | ---- | M] () -- C:\Users\Andy\Desktop\zsnesw151.zip
[2008/11/22 20:45:43 | 00,011,284 | ---- | M] () -- C:\Users\Andy\Documents\Spring & Interession Schedule.ods
[2008/11/22 15:11:12 | 00,000,527 | ---- | M] () -- C:\Windows\System32\TDSSwows.dat
[2008/11/22 13:32:09 | 00,000,019 | ---- | M] () -- C:\Windows\popcinfo.dat
[2008/11/21 09:37:47 | 01,069,325 | ---- | M] () -- C:\Users\Andy\Documents\my senior pic possibilities 006.JPG
[2008/11/20 20:37:33 | 00,059,691 | ---- | M] () -- C:\Users\Andy\Desktop\johnwithbuddies.jpg
[2008/11/20 17:38:41 | 00,094,920 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\nvModes.dat
[2008/11/19 21:03:02 | 01,780,251 | ---- | M] () -- C:\Users\Andy\Desktop\WordUnscrambler.zip
[2008/11/19 20:57:36 | 00,224,773 | ---- | M] () -- C:\Users\Andy\Desktop\word-unscrambler-program.zip
[2008/11/17 23:25:43 | 00,088,064 | ---- | M] () -- C:\Users\Andy\Documents\JournalREport.doc
[2008/11/17 23:17:09 | 00,115,712 | ---- | M] () -- C:\Users\Andy\Documents\Biology Report.doc
[2008/11/17 23:13:14 | 00,088,064 | ---- | M] () -- C:\Users\Andy\Documents\Biology 185 Project 1.doc
[2008/11/17 17:57:40 | 01,255,424 | ---- | M] () -- C:\Users\Andy\Desktop\PFS_Mentor_Tri_(2).pub
[2008/11/17 17:39:40 | 00,060,928 | ---- | M] () -- C:\Users\Andy\Desktop\Exam2 Excel.ods
[2008/11/17 17:39:29 | 02,959,184 | ---- | M] () -- C:\Users\Andy\Documents\Exam2Study.odt
[2008/11/17 05:48:34 | 00,018,497 | ---- | M] () -- C:\Users\Andy\Documents\andy.odt
[2008/11/17 00:37:12 | 00,059,392 | ---- | M] () -- C:\Users\Andy\Desktop\Exam2 Excel.xls
[2008/11/16 17:33:59 | 05,507,584 | ---- | M] () -- C:\Users\Andy\Desktop\Slides_for_Exam_2.doc
[2008/11/16 12:16:05 | 04,469,230 | ---- | M] () -- C:\Users\Andy\Desktop\Lab Manual.pdf
[2008/11/16 10:05:29 | 00,086,000 | ---- | M] () -- C:\Users\Andy\Desktop\Exam2Bold.pdf
[2008/11/16 10:05:01 | 00,083,380 | ---- | M] () -- C:\Users\Andy\Desktop\Exam2.pdf
[2008/11/10 15:17:20 | 04,264,448 | ---- | M] () -- C:\Users\Andy\Documents\Exam2 Slide.odt
[2008/11/09 12:19:54 | 00,064,512 | ---- | M] () -- C:\Users\Andy\Documents\Money Calculator.xls
[2008/11/09 12:19:42 | 00,064,512 | ---- | M] () -- C:\Users\Andy\Documents\Money Calculator.ods
[2008/11/09 12:07:55 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\nocashio.sys
[2008/11/09 10:17:25 | 00,155,156 | ---- | M] () -- C:\Users\Andy\Documents\no$gba-w_2.5c.zip
[2008/11/09 01:14:11 | 00,007,603 | ---- | M] () -- C:\Users\Andy\Documents\Gentics Grade Calculator.ods
[2008/11/08 19:03:21 | 00,001,710 | ---- | M] () -- C:\Users\Andy\Desktop\LimeWire PRO 4.18.8.lnk
[2008/11/08 19:03:12 | 07,336,328 | ---- | M] (Lime Wire LLC) -- C:\Users\Andy\Documents\LimeWireWin.exe
[2008/11/08 16:29:27 | 61,433,984 | ---- | M] () -- C:\Users\Andy\Documents\Archive.zip
[2008/11/08 11:02:46 | 00,032,169 | ---- | M] () -- C:\Users\Andy\Documents\igetc3.pdf
[2008/11/06 21:27:15 | 00,009,859 | ---- | M] () -- C:\Users\Andy\Documents\julie gpa.ods
[2008/11/06 14:01:44 | 00,009,895 | ---- | M] () -- C:\Users\Andy\Documents\GPA Calculator.ods
[2008/11/05 21:15:50 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2008/11/05 21:15:50 | 00,001,788 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2008/11/05 21:14:23 | 14,665,056 | ---- | M] () -- C:\Users\Andy\Documents\winzip120.exe
[2008/11/05 15:03:21 | 00,098,758 | ---- | M] () -- C:\Users\Andy\Documents\wtf.pdf
[2008/11/05 15:02:00 | 00,098,758 | ---- | M] () -- C:\Users\Andy\Documents\blah68!cccd-node0.blackboard.pdf
[2008/11/05 15:01:18 | 00,098,758 | ---- | M] () -- C:\Users\Andy\Documents\RelativeResourceManager;JSESSIONID=TnJxJSlMY2sRGTQThqQVF9VbGmcGfT9Jz1cpTjwFcGDFpfv6ggNL!-1061153450!cccd-node2.blackboard.com!80!443!-2100299268!cccd-node0.blackboard.pdf
[2008/11/05 13:41:46 | 00,064,632 | ---- | M] () -- C:\Users\Andy\Documents\Winzip_12.rar
[2008/11/04 23:30:45 | 00,014,320 | ---- | M] () -- C:\Users\Andy\Documents\JournalREport.odt
[2008/11/04 22:50:51 | 00,126,877 | ---- | M] () -- C:\Users\Andy\Documents\Graph for journal.odt
[2008/11/04 01:12:56 | 06,790,480 | ---- | M] () -- C:\Users\Andy\Documents\Genetics.zip
[2008/10/31 06:07:35 | 05,534,554 | ---- | M] () -- C:\Users\Andy\Desktop\Prepaid.Card.Gen.AIO.2k8.cRs_MP.rar
[2008/10/30 16:32:12 | 00,031,492 | ---- | M] () -- C:\Users\Andy\Desktop\CCGen___2008_by_DCT.ShaDoW_V.1.2(2).rar
[2008/10/29 09:19:27 | 00,000,950 | ---- | M] () -- C:\Users\Andy\Desktop\Adobe Flash CS3 Professional.lnk
[2008/10/29 04:51:34 | 00,086,528 | ---- | M] () -- C:\Users\Andy\Documents\Biology 185 Project 1.odt
[2008/10/29 04:51:04 | 00,018,515 | ---- | M] () -- C:\Users\Andy\Documents\Biology Report.odt
[2008/10/29 04:02:14 | 00,012,500 | ---- | M] () -- C:\Users\Andy\Documents\Biology Report 2.odt
[2008/10/29 01:31:40 | 00,093,696 | ---- | M] () -- C:\Users\Andy\Documents\List.doc
[2008/10/29 01:30:42 | 00,087,040 | ---- | M] () -- C:\Users\Andy\Documents\List.odt
[2008/10/28 23:56:59 | 00,077,824 | ---- | M] () -- C:\Users\Andy\Documents\aaaaaaa.doc
[2008/10/28 23:56:45 | 00,077,824 | ---- | M] () -- C:\Users\Andy\Documents\Biology Report111.doc
[2008/10/28 23:55:24 | 00,077,824 | ---- | M] () -- C:\Users\Andy\Documents\Biology Report111.odt
[2008/10/28 13:00:00 | 00,076,100 | ---- | M] () -- C:\Users\Andy\Documents\Flash-TheDonSlam.rar
[2008/10/28 12:39:21 | 00,034,861 | ---- | M] () -- C:\Users\Andy\Documents\bio 185 project 1.pdf
[2008/10/28 12:33:33 | 00,034,861 | ---- | M] () -- C:\Users\Andy\Documents\RelativeResourceManager;JSESSIONID=MP55JH2J9snr6sXnRgqzWkBG3Jpm7qcQM5JGSPP44lv9xyMFyS0l!486519366!cccd-node1.blackboard.com!80!443!1140168567!cccd-node2.blackboard.pdf
[2008/10/27 05:51:52 | 02,040,558 | ---- | M] () -- C:\Users\Andy\Documents\28_textbook_answers.zip
[2008/10/27 05:10:15 | 04,126,647 | ---- | M] () -- C:\Users\Andy\Documents\38_textbook_answers.zip
[2008/10/27 05:04:44 | 05,068,216 | ---- | M] () -- C:\Users\Andy\Documents\37_textbook_answers.zip
[2008/10/27 04:59:31 | 03,635,777 | ---- | M] () -- C:\Users\Andy\Documents\43_textbook_answers.zip
< End of report >
Extra.txt:
OTViewIt Extras logfile created on: 11/26/2008 1:00:40 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\HJT
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16643)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 99.13% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.33 Gb Total Space | 21.80 Gb Free Space | 21.10% Space Free | Partition Type: NTFS
Drive D: | 8.46 Gb Total Space | 1.70 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDOH
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
[color=orange]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.scr [@ = RasWin.Script] -- C:\Program Files\RasWin\raswin.exe ()
[color=orange]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=1
"InternetSettingsDisableNotify"=1
"AutoUpdateDisableNotify"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]
[color=orange]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
File not found -- C:\Program Files\Yedang Online\Ace-Online\Launcher.atm:Enabled:GameExe2
File not found -- C:\Program Files\Yedang Online\Ace-Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
[2008/08/21 19:29:35 | 04,022,272 | ---- | M] () -- C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
[2007/07/25 09:35:16 | 00,229,376 | ---- | M] (Masang Soft) -- C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
[color=orange]========== (O10) Winsock2 Catalogs ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
[color=orange]========== HKEY_LOCAL_MACHINE Protocol Defaults ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)
[color=orange]========== HKEY_USERS Protocol Defaults ==========[/color]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
[color=orange]========== HKEY_USERS Protocol Defaults ==========[/color]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned
[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{082702D5-5DD8-4600-BCE5-48B15174687F}"=HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}"=VeriSoft Access Manager
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}"=muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}"=PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{11E527FB-3452-4266-9FAE-7653F88D4AFA}"=HP WWAN Setup Utility
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}"=Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}"=ESU for Microsoft Vista
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{228C6B46-64E2-404E-898A-EF0830603EF4}"=HPNetworkAssistant
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}"=Hewlett-Packard Active Check for Health Check
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}"=HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}"=Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Roxio Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}"=HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}"=HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 3.2
"{4E868D3D-6EEB-4273-926C-2287236B5B79}"=3DVIA player 4.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54C93A8C-A15A-4439-BE64-2342202D4FF0}"=OpenOffice.org 2.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}"=Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}"=HP Broadband Wireless Modules
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}"=HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}"=HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Touch Pad Driver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}"=HP Integrated Module with Bluetooth wireless technology
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A5D89315-87F7-4B81-A737-05E675B67368}"=Ace-Online
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}"=LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}"=HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B61B6668-A674-4A06-8405-51944D5CCDDD}"=AuthenTec Fingerprint Sensor Minimum Install
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}"=Windows Vista Upgrade Advisor
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}"=HP Wireless Assistant
"{D97EB7EB-247F-482A-BB0B-4A3DACA2B337}_is1"=RF Equilibrium 1.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}"=HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}"=MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}"=HP Active Support Library 32 bit components
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Alarm_is1"=Alarm 2.0.4
"AXIS Media Control"=AXIS Media Control
"AXIS Media Control Embedded"=AXIS Media Control Embedded
"BitComet"=BitComet 1.03
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO_HDA"=Conexant HD Audio
"CNXT_MODEM_HDA_HSF"=HDAUDIO Soft Data Fax Modem with SmartCP
"Continuum_is1"=Continuum 0.40
"CopyTrans Suite"=CopyTrans Suite Remove Only
"Gameforge4D AirRivals_is1"=AirRivals 1.0.0.13
"Gunbound Revolution_is1"=Gunbound Revolution
"Gunz"=ijji - Gunz
"HijackThis"=HijackThis 1.99.1
"HP Photosmart Essential"=HP Photosmart Essential 2.0
"Insaniquarium Deluxe 1.0"=Insaniquarium Deluxe 1.0
"LimeWire"=LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"mIRC"=mIRC
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"NVIDIA Drivers"=NVIDIA Drivers
"Ragnarok Online"=Ragnarok Online
"Ragnarok Sakray"=Ragnarok Sakray
"RasWin"=RasWin (remove only)
"RF Online_is1"=RF Online - Episódio 2
"Sandlot Games Client Services 1.2.2_is1"=Sandlot Games Client Services 1.2.2
"SystemRequirementsLab"=System Requirements Lab
"Warcraft III"=Warcraft III
"WE Unlimited_is1"=WE Unlimited 1.20
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
[color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Forgottn RO"=Forgottn RO
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products
[color=orange]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1515060504-3118681779-4121246500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Forgottn RO"=Forgottn RO
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products
[color=orange]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 11/25/2008 5:28:49 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application mbam-setup.exe, version 1.30.0.0, time stamp
0x2a425e19, faulting module mbam-setup.exe, version 1.30.0.0, time stamp 0x2a425e19,
exception code 0x80000003, fault offset 0x00009a58, process id 0x3668, application
start time 0x01c94ee0394f785c.
Error - 11/25/2008 5:29:25 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7,
faulting module mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7, exception code
0x80000003, fault offset 0x00002e04, process id 0x37ec, application start time 0x01c94ee04e5f02bc.
Error - 11/25/2008 5:31:27 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7,
faulting module mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7, exception code
0x80000003, fault offset 0x00002e04, process id 0x3524, application start time 0x01c94ee0974b393c.
Error - 11/25/2008 5:31:37 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7,
faulting module mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7, exception code
0x80000003, fault offset 0x00002e04, process id 0x32d4, application start time 0x01c94ee09d5c435c.
Error - 11/25/2008 5:31:43 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7,
faulting module mbam.exe, version 1.30.0.0, time stamp 0x48ff95f7, exception code
0x80000003, fault offset 0x00002e04, process id 0x3290, application start time 0x01c94ee0a0f76b7c.
Error - 11/25/2008 5:42:40 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16643, time stamp
0x47bce1b0, faulting module mshtml.dll, version 7.0.6000.16643, time stamp 0x47bd0104,
exception code 0xc0000005, fault offset 0x0003c2a5, process id 0x110c, application
start time 0x01c94eac5fd166cc.
Error - 11/25/2008 5:54:04 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application AntivirusPro2009.exe, version 0.0.0.0, time stamp
0x492337cd, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x34633863, process id 0x35b8, application start time
0x01c94ee07061acfc.
Error - 11/25/2008 10:22:45 AM | Computer Name = Andoh | Source = WerSvc | ID = 5007
Description =
Error - 11/25/2008 11:13:30 AM | Computer Name = Andoh | Source = Application Error | ID = 1000
Description = Faulting application E_FBINACA.EXE, version 4.2.0.0, time stamp 0x40458740,
faulting module ADVAPI32.dll, version 6.0.6000.16386, time stamp 0x4549bcd2, exception
code 0xc0000005, fault offset 0x000183c6, process id 0xb9c, application start time
0x01c94f105b653440.
Error - 11/25/2008 11:25:40 PM | Computer Name = Andoh | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 11/25/2008 10:25:37 AM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 11:12:48 AM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 11:13:23 AM | Computer Name = Andoh | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.197 for the Network Card with network
address 001DE0104B53 has been denied by the DHCP server 10.49.4.2 (The DHCP Server
sent a DHCPNACK message).
Error - 11/25/2008 11:47:06 AM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 2:56:00 PM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 3:24:58 PM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 9:23:30 PM | Computer Name = Andoh | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.
Error - 11/25/2008 11:21:27 PM | Computer Name = Andoh | Source = LPDSVC | ID = 4001
Description =
Error - 11/25/2008 11:23:39 PM | Computer Name = Andoh | Source = LPDSVC | ID = 4000
Description =
Error - 11/25/2008 11:23:41 PM | Computer Name = Andoh | Source = Service Control Manager | ID = 7000
Description =
[ VeriSoft Events ]
Error - 10/21/2008 9:18:33 PM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 10/21/2008 9:18:40 PM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 10/28/2008 11:22:40 AM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/13/2008 4:23:03 PM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/14/2008 11:44:06 AM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/19/2008 11:45:20 PM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/20/2008 3:11:40 AM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/20/2008 4:32:28 PM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/24/2008 11:28:50 AM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
Error - 11/24/2008 11:30:27 AM | Computer Name = Andoh | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Andy@Andoh Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.
< End of report >