Hijackthis logs


  • This topic is locked

#1
Bex87

    New Member

  • Member
  • 4 posts
Hi, I am running Windows Vista on a laptop. I have removed a couple of trojans using HouseCall but my Google search keeps redirecting me to various websites. I have installed and run HijackThis and here are my log files. If anyone could help, I would very much appreciate it. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:59, on 06/08/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll,[email protected]
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: lxby_device - - C:\Windows\system32\lxbycoms.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 9922 bytes

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi Bex87, welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)


We no longer use HijackThis here, so could you go through the following steps please, then get back to me with the logs that they create.



1)
OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

In your next reply
Please post the contents of...
OTL logs
aswMBR log

#3
Bex87

    New Member

  • Topic Starter
  • Member
  • 4 posts
OTL logfile created on: 06/08/2011 16:29:47 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = c:\Users\Becky\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.34% Memory free
6.19 Gb Paging File | 4.46 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 51.23 Gb Free Space | 35.75% Space Free | Partition Type: NTFS

Computer Name: BEX | User Name: Becky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 15:06:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\Becky\Downloads\OTL.exe
PRC - [2011/07/26 20:53:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011/07/25 17:56:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/07 13:23:34 | 000,558,368 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/08/07 13:23:26 | 000,148,768 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/08/07 13:23:22 | 000,431,392 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008/08/07 13:23:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/08/07 13:23:16 | 000,116,000 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008/07/31 05:01:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/06/06 18:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/06/06 18:14:08 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2008/03/27 11:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/03/14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008/03/11 14:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2007/11/29 19:43:44 | 000,841,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2007/11/29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/06/06 02:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
PRC - [2007/04/26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007/04/16 21:28:54 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbycoms.exe
PRC - [2007/03/16 14:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006/11/07 11:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE


========== Modules (SafeList) ==========

MOD - [2011/08/06 15:06:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- c:\Users\Becky\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 08:37:11 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2007/11/29 19:43:50 | 000,603,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2007/11/29 19:43:48 | 000,853,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_interface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/26 20:53:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 13:23:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/08/07 13:23:16 | 000,116,000 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/06/06 18:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/28 15:15:18 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/03/27 11:45:12 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/03/14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/09 08:06:02 | 000,149,992 | ---- | M] (Digital Delivery Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2007/04/16 21:28:54 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbycoms.exe -- (lxby_device)
SRV - [2007/03/16 14:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/03/15 00:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/15 00:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/02/12 22:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/11/16 01:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/11/03 05:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/02 19:08:41 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008/11/02 17:56:39 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/08/08 15:15:24 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/05/28 15:15:20 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 19:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/06/17 06:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/22 15:35:00 | 007,117,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/29 22:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/17 00:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/01/24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/09 23:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/11/08 08:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: [email protected]:7.005.030.004
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Becky\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/06/12 14:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 20:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/25 17:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 17:56:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2008/11/02 18:27:55 | 000,000,000 | ---D | M]

[2008/11/01 16:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Extensions
[2011/08/06 12:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\qic3al2n.default\extensions
[2010/12/26 16:05:27 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\qic3al2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/12/26 16:06:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\qic3al2n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/18 12:56:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\qic3al2n.default\extensions\[email protected]
[2008/11/01 16:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/04 20:56:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/12 14:00:10 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/07/25 17:56:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/25 17:56:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/25 17:56:35 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/25 17:56:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/05 21:50:16 | 000,436,305 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15019 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LXBYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Becky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Becky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22cddddd-cf36-11dc-810b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{22cddddd-cf36-11dc-810b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\IsInstallPending.exe
O33 - MountPoints2\{65d279cf-c7a1-11de-9583-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{65d279cf-c7a1-11de-9583-001e4cea2c56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{65d27a7b-c7a1-11de-9583-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{65d27a7b-c7a1-11de-9583-001e4cea2c56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{65d27ac6-c7a1-11de-9583-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{65d27ac6-c7a1-11de-9583-001e4cea2c56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{65d27aca-c7a1-11de-9583-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{65d27aca-c7a1-11de-9583-001e4cea2c56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{65d27af7-c7a1-11de-9583-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{65d27af7-c7a1-11de-9583-001e4cea2c56}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d8dbb1c2-0fb9-11de-990f-001e4cea2c56}\Shell - "" = AutoRun
O33 - MountPoints2\{d8dbb1c2-0fb9-11de-990f-001e4cea2c56}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 11:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/06 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/24 17:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/24 16:28:30 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Becky\Desktop\HousecallLauncher.exe
[2011/07/21 22:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/21 22:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/21 22:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/04 23:12:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxbyhcp.dll
[2009/05/04 23:07:18 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbyserv.dll
[2009/05/04 23:07:18 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbyusb1.dll
[2009/05/04 23:07:18 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbypmui.dll
[2009/05/04 23:07:18 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbylmpm.dll
[2009/05/04 23:07:18 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbyinpa.dll
[2009/05/04 23:07:18 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbyiesc.dll
[2009/05/04 23:07:18 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbyprox.dll
[2009/05/04 23:07:18 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbypplc.dll
[2009/05/04 23:07:17 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbyhbn3.dll
[2009/05/04 23:07:17 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbycomc.dll
[2009/05/04 23:07:17 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbycoms.exe
[2009/05/04 23:07:17 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbycomm.dll
[2009/05/04 23:07:17 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbyih.exe
[2009/05/04 23:07:17 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbycfg.exe
[2008/01/30 14:36:20 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/01/30 14:36:20 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/08/06 14:58:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 14:58:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 11:51:23 | 000,002,529 | ---- | M] () -- C:\Users\Becky\Desktop\HiJackThis.lnk
[2011/08/06 11:06:09 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 11:06:09 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 11:03:33 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/06 11:01:00 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2011/08/06 10:59:06 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/08/06 10:59:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/08/06 10:58:59 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2011/08/06 10:58:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 10:58:41 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 01:00:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/06 00:25:06 | 000,591,483 | ---- | M] () -- C:\Users\Becky\AppData\Local\census.cache
[2011/08/06 00:24:59 | 000,227,485 | ---- | M] () -- C:\Users\Becky\AppData\Local\ars.cache
[2011/08/05 22:00:13 | 000,027,335 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\nvModes.001
[2011/08/05 21:55:52 | 000,000,953 | ---- | M] () -- C:\Users\Becky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/05 21:50:16 | 000,436,305 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/05 21:49:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/05 21:49:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/05 21:49:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/04 20:49:42 | 000,372,893 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/07/26 20:53:04 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2011/07/26 20:48:54 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/24 16:28:43 | 000,000,036 | ---- | M] () -- C:\Users\Becky\AppData\Local\housecall.guid.cache
[2011/07/24 16:28:32 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Becky\Desktop\HousecallLauncher.exe
[2011/07/23 12:26:17 | 000,436,091 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110805-215016.backup
[2011/07/21 22:32:21 | 000,001,081 | ---- | M] () -- C:\Users\Becky\Desktop\Spybot - Search & Destroy.lnk
[2011/07/17 20:22:52 | 001,923,344 | ---- | M] () -- C:\Users\Becky\Desktop\All_Volunteer_Opportunities.pdf
[2011/07/17 20:19:28 | 000,762,652 | ---- | M] () -- C:\Users\Becky\Desktop\2__VOLUNTEER_REGISTRATION_FORM.pdf
[2011/07/17 14:31:40 | 001,721,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/14 19:53:53 | 000,000,194 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html

========== Files Created - No Company Name ==========

[2011/08/06 11:51:12 | 000,002,529 | ---- | C] () -- C:\Users\Becky\Desktop\HiJackThis.lnk
[2011/08/05 21:49:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/07/24 19:50:27 | 000,591,483 | ---- | C] () -- C:\Users\Becky\AppData\Local\census.cache
[2011/07/24 19:49:44 | 000,227,485 | ---- | C] () -- C:\Users\Becky\AppData\Local\ars.cache
[2011/07/24 16:28:43 | 000,000,036 | ---- | C] () -- C:\Users\Becky\AppData\Local\housecall.guid.cache
[2011/07/21 22:32:21 | 000,001,081 | ---- | C] () -- C:\Users\Becky\Desktop\Spybot - Search & Destroy.lnk
[2011/07/17 20:22:52 | 001,923,344 | ---- | C] () -- C:\Users\Becky\Desktop\All_Volunteer_Opportunities.pdf
[2011/07/17 20:19:28 | 000,762,652 | ---- | C] () -- C:\Users\Becky\Desktop\2__VOLUNTEER_REGISTRATION_FORM.pdf
[2009/12/16 11:29:14 | 000,158,091 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/08/09 20:54:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/09 20:54:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/04 23:12:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxbyinst.dll
[2009/05/04 23:07:19 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbyvs.dll
[2009/05/04 23:07:17 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbycoin.dll
[2009/03/16 15:53:55 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2009/03/16 15:53:40 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2008/11/23 19:37:51 | 000,006,144 | ---- | C] () -- C:\Users\Becky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/12 18:21:44 | 000,027,335 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\nvModes.dat
[2008/11/12 18:21:44 | 000,027,335 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\nvModes.001
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/11/04 10:00:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/01 16:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/01 15:07:24 | 000,005,642 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/11/01 15:07:24 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\5EAB21FD4A.sys
[2008/11/01 14:40:22 | 000,000,680 | ---- | C] () -- C:\Users\Becky\AppData\Local\d3d9caps.dat
[2008/02/19 05:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2008/01/30 15:14:02 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008/01/30 15:05:05 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/01/30 14:46:34 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/01/30 14:40:30 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/30 14:36:21 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/01/30 14:36:21 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/01/30 14:31:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/08/16 11:28:38 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/08/16 11:28:27 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2007/05/24 21:51:58 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2007/03/29 21:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/05 06:26:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/03 05:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,721,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,613,890 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,174 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 22:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/02/21 20:20:44 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Ashampoo
[2010/11/28 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\AVG10
[2010/06/20 19:18:56 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Facebook
[2010/12/26 16:17:53 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\GARMIN
[2008/11/01 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Lenovo
[2011/07/24 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\uTorrent
[2010/01/02 12:40:14 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/06 01:00:03 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


//


OTL Extras logfile created on: 06/08/2011 15:07:24 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Becky\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 36.90% Memory free
6.19 Gb Paging File | 4.52 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 51.24 Gb Free Space | 35.76% Space Free | Partition Type: NTFS

Computer Name: BEX | User Name: Becky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-25661144-4294840732-1597060728-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02081730-0BBC-4BD1-A4A6-C63E6F6C293C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0C1CB9E3-0057-4452-A23F-EEFA2AF285C5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{24EC24F5-FA53-49B6-A21B-BA8AD52978EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30631FCD-6495-4053-A30D-D3CCDA65156F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{588AF57F-0454-4F4C-9444-20B2918B02B5}" = protocol=6 | dir=in | app=c:\windows\system32\lxbycoms.exe |
"{5FBF2B68-6954-4747-89BE-9EFE6DE8F8CE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{721F6B34-0D50-4AA7-84B1-42474DC6A739}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbypswx.exe |
"{7F294E3E-DB4B-4F46-8C71-5F53956A7715}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{94F01B9F-0963-4324-BFB7-4339599FEB4F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbypswx.exe |
"{AFB2C355-ED7F-4BB3-8B11-51AE97C71B8E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B4CAA207-22A9-4C74-BB16-17893C6CB944}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B76AB4CA-0B60-451E-8BC7-C7FE9C52446A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C84AF4F5-A3E6-4644-8B39-AF80230453F7}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{CB50B085-C9A2-407A-8E9C-03B337459910}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D667412B-A9D6-4A89-9636-2A7A1205FEC2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D6E9FADE-F478-40E1-9C96-8A62DD04AB0D}" = protocol=17 | dir=in | app=c:\windows\system32\lxbycoms.exe |
"{DB6165BF-0129-427B-9361-955D44FE6B4F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FCEE1787-26D9-4FC6-983A-0DD1B220DCE9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{02E47ACF-2CB8-4784-9223-1A9176C10540}E:\leicestershire police computrace\windows\ctmweb.exe" = protocol=6 | dir=in | app=e:\leicestershire police computrace\windows\ctmweb.exe |
"TCP Query User{7539AA68-EEEE-4B59-96AE-6F6DD9E9E74F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9E21AF8F-5BDC-47AA-9AE7-2EEE4AB0C4FA}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{348188B6-3BEF-43B8-9571-454328B608D6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7451E097-D48C-497D-B560-F202C62CFE3D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CD00C18D-5CAF-43B5-8316-B0232C2764CD}E:\leicestershire police computrace\windows\ctmweb.exe" = protocol=17 | dir=in | app=e:\leicestershire police computrace\windows\ctmweb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"Ashampoo WinOptimizer 2009_is1" = Ashampoo WinOptimizer 2009
"AVG" = AVG 2011
"AwayTask" = Maintenance Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo News-Shop" = Lenovo News-Shop
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Lexmark P910 Series" = Lexmark P910 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"Orange Mobile Partner" = Orange Mobile Partner
"PC-Doctor for Windows" = Lenovo System Toolbox
"qt7lite_is1" = QT Lite 2.8.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/06/2010 18:11:12 | Computer Name = Bex | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe".Error
in manifest or policy file "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe" on
line 21. The element trustInfo appears as a child of element urn:schemas-microsoft-com:asm.v1^dependency
which is not supported by this version of Windows.

Error - 01/07/2010 15:52:56 | Computer Name = Bex | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe".Error
in manifest or policy file "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe" on
line 21. The element trustInfo appears as a child of element urn:schemas-microsoft-com:asm.v1^dependency
which is not supported by this version of Windows.

Error - 01/07/2010 15:55:23 | Computer Name = Bex | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe".Error
in manifest or policy file "C:\Program Files\Lenovo\HOTKEY\TpVolCtrlAut.exe" on
line 21. The element trustInfo appears as a child of element urn:schemas-microsoft-com:asm.v1^dependency
which is not supported by this version of Windows.

Error - 10/07/2010 14:26:37 | Computer Name = Bex | Source = RasClient | ID = 20227
Description =

Error - 11/07/2010 08:44:51 | Computer Name = Bex | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/07/2010 10:32:23 | Computer Name = Bex | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/07/2010 13:34:27 | Computer Name = Bex | Source = LoadPerf | ID = 3001
Description =

Error - 12/07/2010 13:34:27 | Computer Name = Bex | Source = LoadPerf | ID = 3011
Description =

Error - 12/07/2010 13:34:30 | Computer Name = Bex | Source = LoadPerf | ID = 3001
Description =

Error - 13/07/2010 17:22:06 | Computer Name = Bex | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 06/08/2011 05:53:55 | Computer Name = Bex | Source = Service Control Manager | ID = 7022
Description =

Error - 06/08/2011 05:53:55 | Computer Name = Bex | Source = Service Control Manager | ID = 7026
Description =

Error - 06/08/2011 05:58:53 | Computer Name = Bex | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:54:44 on 06/08/2011 was unexpected.

Error - 06/08/2011 05:57:46 | Computer Name = Bex | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 06/08/2011 05:58:37 | Computer Name = Bex | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 06/08/2011 05:59:21 | Computer Name = Bex | Source = Service Control Manager | ID = 7000
Description =

Error - 06/08/2011 06:01:00 | Computer Name = Bex | Source = Service Control Manager | ID = 7022
Description =

Error - 06/08/2011 06:01:00 | Computer Name = Bex | Source = Service Control Manager | ID = 7026
Description =

Error - 06/08/2011 06:23:34 | Computer Name = Bex | Source = DCOM | ID = 10010
Description =

Error - 06/08/2011 08:39:11 | Computer Name = Bex | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001DE0708EB1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


//


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 16:40:33
-----------------------------
16:40:33.542 OS Version: Windows 6.0.6002 Service Pack 2
16:40:33.542 Number of processors: 2 586 0x1706
16:40:33.543 ComputerName: BEX UserName:
16:40:33.986 Initialize success
16:41:36.780 AVAST engine download error: 0
16:41:41.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:41:41.865 Disk 0 Vendor: ST916082 3.CL Size: 152627MB BusType: 3
16:41:41.929 Disk 0 MBR read successfully
16:41:41.931 Disk 0 MBR scan
16:41:41.934 Disk 0 unknown MBR code
16:41:41.938 Disk 0 scanning sectors +312578048
16:41:42.014 Disk 0 scanning C:\Windows\system32\drivers
16:41:51.120 Service scanning
16:41:54.176 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
16:41:54.707 Modules scanning
16:43:04.021 Disk 0 trace - called modules:
16:43:04.087 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8b3d81ed]<<
16:43:04.091 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acddac8]
16:43:04.096 3 CLASSPNP.SYS[8eeaa8b3] -> nt!IofCallDriver -> [0x89c41710]
16:43:04.100 5 acpi.sys[872496bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89c4b030]
16:43:04.104 \Driver\iaStor[0x89c2f928] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8b3d81ed
16:43:04.109 Scan finished successfully
16:47:08.045 Disk 0 MBR has been saved successfully to "C:\Users\Becky\Desktop\MBR.dat"
16:47:08.050 The log file has been saved successfully to "C:\Users\Becky\Desktop\aswMBR.txt"


//

Thanks so much for your help.

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. Could you run the following program please, then get back to me with the log that it creates :)



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure; click on Continue.


  • If a suspicious file is detected, the default action will be Skip; click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
Bex87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
2011/08/07 14:46:05.0752 5428 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/07 14:46:06.0110 5428 ================================================================================
2011/08/07 14:46:06.0110 5428 SystemInfo:
2011/08/07 14:46:06.0110 5428
2011/08/07 14:46:06.0110 5428 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/07 14:46:06.0110 5428 Product type: Workstation
2011/08/07 14:46:06.0110 5428 ComputerName: BEX
2011/08/07 14:46:06.0110 5428 UserName: Becky
2011/08/07 14:46:06.0110 5428 Windows directory: C:\Windows
2011/08/07 14:46:06.0110 5428 System windows directory: C:\Windows
2011/08/07 14:46:06.0110 5428 Processor architecture: Intel x86
2011/08/07 14:46:06.0110 5428 Number of processors: 2
2011/08/07 14:46:06.0110 5428 Page size: 0x1000
2011/08/07 14:46:06.0110 5428 Boot type: Normal boot
2011/08/07 14:46:06.0110 5428 ================================================================================
2011/08/07 14:46:08.0887 5428 Initialize success
2011/08/07 14:46:11.0945 0596 ================================================================================
2011/08/07 14:46:11.0945 0596 Scan started
2011/08/07 14:46:11.0945 0596 Mode: Manual;
2011/08/07 14:46:11.0945 0596 ================================================================================
2011/08/07 14:46:17.0483 0596 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/07 14:46:18.0372 0596 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/07 14:46:19.0105 0596 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/07 14:46:19.0776 0596 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/07 14:46:20.0353 0596 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/07 14:46:21.0008 0596 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/07 14:46:21.0539 0596 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys
2011/08/07 14:46:22.0553 0596 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/08/07 14:46:23.0192 0596 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/08/07 14:46:23.0614 0596 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/07 14:46:24.0284 0596 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/08/07 14:46:24.0893 0596 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/08/07 14:46:25.0595 0596 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/08/07 14:46:25.0969 0596 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/07 14:46:26.0297 0596 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/08/07 14:46:27.0046 0596 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/07 14:46:27.0748 0596 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/07 14:46:28.0356 0596 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/07 14:46:28.0855 0596 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/07 14:46:29.0588 0596 ATSWPDRV (f70d2392158cb68e775f8c4cd3d12fbb) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/08/07 14:46:30.0322 0596 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/07 14:46:30.0602 0596 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/07 14:46:30.0680 0596 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/07 14:46:30.0727 0596 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/08/07 14:46:30.0836 0596 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/08/07 14:46:31.0117 0596 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/08/07 14:46:32.0131 0596 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/08/07 14:46:32.0786 0596 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/08/07 14:46:33.0566 0596 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/07 14:46:34.0331 0596 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/07 14:46:34.0752 0596 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/07 14:46:35.0173 0596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/07 14:46:35.0626 0596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/07 14:46:36.0296 0596 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/07 14:46:36.0796 0596 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/07 14:46:37.0061 0596 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/07 14:46:37.0420 0596 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/07 14:46:37.0654 0596 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/07 14:46:38.0387 0596 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/07 14:46:38.0746 0596 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/07 14:46:39.0494 0596 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/07 14:46:39.0791 0596 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/07 14:46:40.0462 0596 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/08/07 14:46:40.0930 0596 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/08/07 14:46:41.0148 0596 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/07 14:46:41.0382 0596 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/07 14:46:41.0928 0596 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/07 14:46:42.0396 0596 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/07 14:46:42.0583 0596 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/07 14:46:43.0441 0596 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/07 14:46:43.0862 0596 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/08/07 14:46:44.0689 0596 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/07 14:46:45.0157 0596 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/07 14:46:45.0781 0596 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/07 14:46:46.0343 0596 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/07 14:46:47.0107 0596 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/07 14:46:47.0591 0596 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/07 14:46:48.0355 0596 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/07 14:46:48.0823 0596 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/07 14:46:49.0307 0596 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/07 14:46:49.0666 0596 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/07 14:46:49.0806 0596 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/07 14:46:50.0009 0596 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/07 14:46:50.0243 0596 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/07 14:46:50.0960 0596 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/07 14:46:51.0694 0596 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/07 14:46:51.0896 0596 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/07 14:46:52.0302 0596 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/07 14:46:52.0801 0596 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/07 14:46:53.0316 0596 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/07 14:46:53.0690 0596 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/07 14:46:54.0080 0596 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/07 14:46:54.0611 0596 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/07 14:46:55.0141 0596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/07 14:46:55.0640 0596 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/07 14:46:55.0921 0596 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/07 14:46:56.0686 0596 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/07 14:46:56.0966 0596 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/07 14:46:57.0419 0596 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/07 14:46:57.0840 0596 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/07 14:46:58.0511 0596 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/07 14:46:58.0838 0596 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/07 14:46:58.0979 0596 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/07 14:46:59.0275 0596 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/07 14:46:59.0728 0596 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/07 14:47:01.0225 0596 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/07 14:47:01.0459 0596 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/07 14:47:02.0380 0596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/07 14:47:03.0503 0596 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/07 14:47:04.0876 0596 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/07 14:47:05.0453 0596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/07 14:47:06.0170 0596 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/07 14:47:06.0685 0596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/07 14:47:07.0262 0596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/07 14:47:07.0512 0596 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/08/07 14:47:07.0996 0596 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/07 14:47:08.0495 0596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/07 14:47:08.0978 0596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/07 14:47:09.0524 0596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/07 14:47:09.0977 0596 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/08/07 14:47:10.0492 0596 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/07 14:47:11.0194 0596 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
2011/08/07 14:47:11.0662 0596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/07 14:47:12.0052 0596 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/08/07 14:47:12.0613 0596 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/07 14:47:13.0019 0596 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/07 14:47:13.0346 0596 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/07 14:47:13.0471 0596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/07 14:47:48.0025 0596 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 14:47:48.0025 0596 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/07 14:47:48.0041 0596 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/07 14:47:49.0663 0596 MBR (0x1B8) (80e75625ad819650b22a312be94f5642) \Device\Harddisk0\DR0
2011/08/07 14:47:49.0694 0596 Boot (0x1200) (9078392e80e295625448efb6afb69a25) \Device\Harddisk0\DR0\Partition0
2011/08/07 14:47:49.0710 0596 ================================================================================
2011/08/07 14:47:49.0710 0596 Scan finished
2011/08/07 14:47:49.0710 0596 ================================================================================
2011/08/07 14:47:49.0710 5524 Detected object count: 1
2011/08/07 14:47:49.0710 5524 Actual detected object count: 1
2011/08/07 15:24:08.0640 5524 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 15:24:08.0640 5524 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/07 15:24:12.0992 5524 Backup copy found, using it..
2011/08/07 15:24:13.0008 5524 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/08/07 15:24:13.0008 5524 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
  • 0
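A small parser for the TDSSKiller log format shown in the post above, added here as an example (it is not part of the thread and not a TDSSKiller tool). It extracts the forged-file hash pair, the verdict and the chosen action, then lists what still needs checking; the function names and result fields are assumptions, and the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""
2011/08/07 14:47:48.0025 0596 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/07 14:47:48.0025 0596 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/07 14:47:48.0041 0596 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/07 14:47:49.0710 5524 Detected object count: 1
2011/08/07 15:24:12.0992 5524 Backup copy found, using it..
2011/08/07 15:24:13.0008 5524 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/08/07 15:24:13.0008 5524 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

# Every log line starts with a timestamp and a thread id; the rest is the message.
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \S+ (?P<msg>.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
PENDING = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
ACTION = re.compile(r"^(?P<verdict>[^\s(]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Return the reported detection count and one record per detected service."""
    findings, forged, reported = {}, None, None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if f := FORGED.match(msg):
            forged = f.groupdict()  # hash pair belongs to the next verdict line
        elif d := DETECTED.match(msg):
            rec = findings.setdefault(d["svc"], {
                "service": d["svc"], "verdict": d["verdict"], "path": None,
                "real_md5": None, "fake_md5": None,
                "action": None, "pending_reboot": False})
            if forged:
                rec.update(path=forged["path"], real_md5=forged["real"],
                           fake_md5=forged["fake"])
                forged = None
        elif p := PENDING.match(msg):
            for rec in findings.values():
                if rec["path"] and rec["path"].lower() == p["path"].lower():
                    rec["pending_reboot"] = True
        elif a := ACTION.match(msg):
            if a["svc"] in findings:
                findings[a["svc"]]["action"] = a["action"]
        elif c := COUNT.match(msg):
            reported = int(c["n"])
    return {"reported": reported, "findings": list(findings.values())}


def followups(result):
    """List the checks a helper would still want before calling the log clean."""
    notes = []
    if result["reported"] is not None and result["reported"] != len(result["findings"]):
        notes.append("detected object count does not match parsed findings")
    for rec in result["findings"]:
        if rec["action"] is None:
            notes.append(f"{rec['service']}: no action recorded")
        if rec["pending_reboot"]:
            notes.append(f"{rec['service']}: reboot, then rescan to confirm the cure")
    return notes


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rec in result["findings"]:
        print(rec)
    for note in followups(result):
        print("TODO:", note)
```
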

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, it looks to have cured the infected file there :)

Let's now do some scans to check for any leftovers that may still be lurking...



1)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




In your next reply
Please post the contents of...
MBAM log
Kaspersky log

  • 0

#7
Bex87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi, really sorry for the long delay in replies. I have what you asked for:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7429

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/08/2011 21:34:05
mbam-log-2011-08-10 (21-34-05).txt

Scan type: Quick scan
Objects scanned: 191606
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I cannot create a log on kaspersky as there are no threats detected. Everything appears to be working well. Thanks so much for all of your help!!
  • 0

#8
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, thanks for getting back. Great to hear it's now working normally. All your logs look good to me, so I'll now post my cleanup steps, which will guide you through removing the tools we have used :yes:



Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR and TDSSKiller from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide

  • 0

#9
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





