
Possible malware on wife's computer



#1 HunterAce (Member, 27 posts)
HAPPY THANKSGIVING!

Lenovo ideapad running vista home premium with SP2.

When I open Firefox it goes directly to 'mywebsearch', and almost all links I click on return
results with mywebsearch in the HTTP address. Figure something is on here that shouldn't be.
Please help! OTL is below. Thanks!
Brian

OTL logfile created on: 11/25/2011 9:58:13 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karla\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 51.26% Memory free
8.12 Gb Paging File | 6.22 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 168.62 Gb Free Space | 66.66% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.44 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: FARNSLEYHOME | User Name: Karla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Karla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Windows\SysWOW64\SBarHook.DLL ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.dll ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.en.dll ()
MOD - C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll ()
MOD - C:\Program Files (x86)\Lexmark 7300 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark 7300 Series\lxcidrec.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DKService.exe (Diskeeper Corporation)
SRV:64bit: - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxci_device) -- C:\Windows\SysNative\lxcicoms.exe ( )
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (DDNIService) -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (NetLogSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
SRV - (netcfgsvr) -- C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe (AT&T)
SRV - (NetClientSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IncSvc) -- C:\Windows\SysWow64\IgrsSvcs.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (lxci_device) -- C:\Windows\SysWow64\lxcicoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (agnfilt) -- C:\Windows\SysNative\DRIVERS\agnfilt.sys (AT&T)
DRV:64bit: - (avpnnic) -- C:\Windows\SysNative\DRIVERS\avpnnic.sys (AT&T)
DRV:64bit: - (funfrm) -- C:\Windows\SysNative\drivers\funfrm.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\DRIVERS\SMIksdrv.sys (SMI)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tvtumon) -- C:\Windows\SysNative\DRIVERS\tvtumon.sys (Lenovo)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (CyberLink)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...69-8E280E5B5E81
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 42 DD 00 D5 31 59 43 BB 56 F5 37 64 7F 0C 1C [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsea...9-8E280E5B5E81"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.1.0
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: {849e0057-800b-45b2-b98a-2c7ae9d8d22d}:1.0
FF - prefs.js..keyword.URL: "http://search.mywebs...f86&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuideEI\Installr\2.bin\NP2vEISB.dll (DailyBibleGuide)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/03 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/18 19:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Karla\AppData\Roaming\Move Networks [2009/05/28 22:06:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/18 19:43:32 | 000,000,000 | ---D | M]

[2009/05/28 13:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Extensions
[2010/02/03 14:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\eclipse1\extensions
[2011/11/24 20:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions
[2011/03/08 20:01:39 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/03 17:07:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/18 19:46:28 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2010/05/26 11:31:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/25 19:49:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{849e0057-800b-45b2-b98a-2c7ae9d8d22d}
[2011/07/18 19:46:27 | 000,002,293 | ---- | M] () -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\searchplugins\bing-zugo.xml
[2011/11/01 11:31:56 | 000,009,946 | ---- | M] () -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\searchplugins\DailyBibleGuide.xml
[2011/09/05 20:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/17 15:45:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/18 19:48:38 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/23 20:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/29 23:25:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/18 19:43:32 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
[2011/10/03 17:35:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/05/28 22:06:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\KARLA\APPDATA\ROAMING\MOVE NETWORKS
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://stp.startnow....ion=6.0-x64-SP2
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: avast! WebRep = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Facetheme = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: Skype Extension = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [ReadyComm] C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O4 - Startup: C:\Users\Karla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC570A2-BE7B-4750-BD61-97CAEFD53BF2}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9BED840-E2A9-423C-B4A3-06F5B5ECE05C}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 09:56:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/25 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Local\Apps
[2011/11/24 23:12:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:09:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/24 23:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/21 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/10/30 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DailyBibleGuideEI
[2011/10/26 18:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2009/06/14 18:24:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
[2009/06/14 18:24:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
[2009/06/14 18:24:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
[2009/06/14 18:24:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
[2009/06/14 18:24:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
[2009/06/14 18:24:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
[2009/06/14 18:24:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
[2009/06/14 18:24:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
[2009/06/14 18:24:19 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
[2009/06/14 18:24:19 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
[2009/06/14 18:24:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
[2009/06/14 18:24:19 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
[2009/06/14 18:24:19 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
[2009/06/14 18:24:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
[2009/06/14 18:24:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
[2009/01/12 08:00:35 | 001,526,576 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax9f.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 10:05:20 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job
[2011/11/25 09:56:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/25 09:38:31 | 000,756,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 09:38:31 | 000,642,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 09:38:31 | 000,118,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 09:33:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 09:32:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 09:32:39 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 09:32:03 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/11/25 09:31:21 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 09:31:21 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 09:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 00:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003UA.job
[2011/11/25 00:22:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/24 23:12:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:11:57 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/22 10:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003Core.job
[2011/11/21 21:35:53 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/20 21:44:46 | 000,033,355 | ---- | M] () -- C:\Users\Karla\Documents\Employment Search information.odt
[2011/11/20 15:36:36 | 000,022,996 | ---- | M] () -- C:\Users\Karla\Documents\Balance of Dad's cash.ods
[2011/11/20 08:58:34 | 000,020,291 | ---- | M] () -- C:\Users\Karla\Documents\Unemployment Account Balances.ods
[2011/11/19 11:40:01 | 000,408,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/19 11:17:07 | 000,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/19 11:12:08 | 000,000,422 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011/11/18 11:33:01 | 000,002,004 | ---- | M] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 11:33:00 | 000,002,042 | ---- | M] () -- C:\Users\Karla\Desktop\Google Chrome.lnk
[2011/11/10 22:31:08 | 000,011,197 | ---- | M] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 12:47:27 | 000,010,660 | ---- | M] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 09:32:33 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 01:02:16 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/21 21:35:53 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/06 22:21:30 | 000,011,197 | ---- | C] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 11:08:11 | 000,010,660 | ---- | C] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/05 20:44:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/07/05 20:43:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/07/05 20:42:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/07 21:22:53 | 000,012,288 | ---- | C] () -- C:\Users\Karla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 07:51:18 | 000,217,942 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/14 18:54:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/06/14 18:53:30 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2009/06/14 18:53:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/06/14 18:24:19 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
[2009/06/14 18:24:19 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
[2009/05/15 15:22:30 | 002,101,248 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2009/05/15 15:22:01 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/05/15 15:21:51 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2009/05/15 15:11:28 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\SBarHook.DLL
[2009/05/15 14:55:05 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/05/15 14:55:02 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/15 14:55:00 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/01/12 07:28:33 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/12 07:04:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/27 20:29:00 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\OnekeyDM.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/06/15 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\EasyCapture
[2011/03/08 20:02:21 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\GARMIN
[2009/10/03 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Home Sweet Home
[2009/05/28 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Lenovo
[2009/05/28 13:17:55 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\LenovoDesktopNavigator
[2011/03/08 20:27:26 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\NewSoft
[2009/09/15 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\OpenOffice.org
[2010/03/11 22:01:44 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\PlayFirst
[2011/09/05 20:03:35 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Sammsoft
[2010/02/03 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Sierra Wireless
[2010/01/31 17:34:01 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\SmartDraw
[2011/09/05 20:06:28 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Systweak
[2009/05/28 14:00:33 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\WildTangent
[2010/04/21 21:46:14 | 000,000,000 | ---D | M] -- C:\Users\Karla\AppData\Roaming\Worldwinner
[2011/11/25 09:32:39 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/25 00:22:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/11/25 01:02:56 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/25 10:05:20 | 000,000,456 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job

========== Purity Check ==========



< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C


:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 42 DD 00 D5 31 59 43 BB 56 F5 37 64 7F 0C 1C [binary data]
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm018YYus&ptb=B779AB42-5993-43F2-9569-8E280E5B5E81"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.1.0
FF - prefs.js..extensions.enabledItems: {849e0057-800b-45b2-b98a-2c7ae9d8d22d}:1.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm018YYus&ptb=B779AB42-5993-43F2-9569-8E280E5B5E81&psa=&ind=2011103110&ptnrS=XMxdm018YYus&si=&st=kwd&n=77deff86&searchfor="
[2011/07/18 19:46:28 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2010/05/26 11:31:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/25 19:49:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{849e0057-800b-45b2-b98a-2c7ae9d8d22d}
[2011/07/18 19:46:27 | 000,002,293 | ---- | M] () -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\searchplugins\bing-zugo.xml
[2010/03/17 15:45:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/23 20:13:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/29 23:25:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O4:64bit: - HKLM..\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat File not found
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If one of the following will not run, just skip to the next one, then go back and try the ones that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator, then follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Change the a-v scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan, click Save log, save it to your desktop and post it in your next reply. (Note whether the Fix button is enabled (not the FixMBR button) and tell me.)


Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.



Ron
  • 0
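As an added example (not code from the thread, from OTL, or from the Geeks to Go helpers), a small Python triage script that parses OTL log lines in the shapes seen above and picks out the three kinds of entries the fix script targets: Firefox search prefs pointing at the hijack domain, Run entries whose target is "File not found", and third-party BHO/toolbar entries. The hijack-domain list, the SAMPLE_LOG lines (copied from the report above plus one constructed healthy autorun line) and the :OTL block layout are assumptions drawn from this thread.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code).

It picks out the same kinds of entries the expert copied into the :OTL
fix section above: search/homepage prefs pointing at the hijack domain,
autorun entries whose target file is missing, and BHO/toolbar entries."""
import re
from urllib.parse import urlparse

# Assumption: the hijack domain is taken from the prefs in the log above.
HIJACK_DOMAINS = ("mywebsearch.com",)

# Firefox prefs that the hijack rewrote in this thread (as OTL reports them).
SEARCH_PREFS = ("browser.startup.homepage", "keyword.URL",
                "browser.search.selectedEngine")

# Line shapes exactly as they appear in the OTL report above.
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "?(?P<value>.*?)"?$')
O4_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>[\w\\]+): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?P<orphan> File not found)?$')
ADDON_RE = re.compile(r'^O(?P<kind>[23]) - (?:BHO|HKLM\\\.\.\\Toolbar): \((?P<label>[^)]*)\) - '
                      r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?) \((?P<vendor>[^)]*)\)$')

# Constructed sample: lines copied from the OTL report in this thread, plus
# one healthy autorun line (the Adobe entry, constructed) that must not be flagged.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 42 DD 00 [binary data]
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm018YYus"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm018YYus&searchfor="
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O4:64bit: - HKLM..\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat File not found
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
"""


def points_to_hijack(value):
    """True if a pref value names a HIJACK_DOMAINS entry, either as the host
    of a URL or as a bare engine name such as "My Web Search"."""
    host = urlparse(value).hostname
    if host is None:
        name = re.sub(r"\s+", "", value.lower())  # "My Web Search" -> "mywebsearch"
        return any(name == d.split(".")[0] for d in HIJACK_DOMAINS)
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(log_text):
    """Return (kind, detail, raw_line) tuples for the entries worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m:
            if m["pref"] in SEARCH_PREFS and points_to_hijack(m["value"]):
                findings.append(("hijacked_pref", m["pref"], line))
            continue
        m = O4_RE.match(line)
        if m:
            if m["orphan"]:  # autorun whose target no longer exists on disk
                findings.append(("orphan_autorun", m["cmd"], line))
            continue
        m = ADDON_RE.match(line)
        if m:
            findings.append(("browser_addon", m["path"], line))
    return findings


def build_fix_block(findings):
    """Assemble the flagged lines into an ':OTL' section in the same layout
    as the fix script posted above (the log lines are pasted back verbatim)."""
    return ":OTL\n" + "\n".join(f[2] for f in findings) + "\n"


if __name__ == "__main__":
    for kind, detail, _ in triage(SAMPLE_LOG):
        print(f"{kind:15} {detail}")
    print(build_fix_block(triage(SAMPLE_LOG)))
```

The non-flagged lines (the Java extension entry and the constructed Adobe autorun) show that the filter keys on the hijack domain and on the "File not found" marker, not on every FF or O4 line.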

#3
HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ron,
Thank you for your hard work. I think I have attached all the logs below. - Brian

MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8240

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/25/2011 3:26:36 PM
mbam-log-2011-11-25 (15-26-36).txt

Scan type: Quick scan
Objects scanned: 171678
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{cbc5b60a-aa4d-45f6-84c2-d086f320299a} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.

COMBOFIX
ComboFix 11-11-25.02 - Karla 11/25/2011 15:46:53.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2157 [GMT -5:00]
Running from: c:\users\Karla\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\2vEIPlug.dll
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\2vEZSETP.dll
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\NP2vEISb.dll
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\SPL7766.tmp
c:\programdata\SPL7FF3.tmp
c:\programdata\SPLBC21.tmp
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 21:10 . 2011-11-25 21:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54139D79-95D5-4ED2-88FD-BA98BCB9914F}\offreg.dll
2011-11-25 21:08 . 2011-11-25 21:14 -------- d-----w- c:\users\Karla\AppData\Local\temp
2011-11-25 21:08 . 2011-11-25 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\users\Karla\AppData\Roaming\Malwarebytes
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-25 20:20 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 19:42 . 2011-11-25 19:42 -------- d-----w- C:\_OTL
2011-11-25 14:44 . 2011-11-25 14:44 -------- d-----w- c:\users\Karla\AppData\Local\Apps
2011-11-25 06:02 . 2011-11-25 04:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-25 04:12 . 2011-11-25 04:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-25 04:09 . 2011-11-25 04:09 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 04:09 . 2011-08-18 20:25 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-25 04:08 . 2011-11-25 04:09 -------- d-----w- c:\programdata\Lavasoft
2011-11-25 04:08 . 2011-11-25 04:08 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-19 16:14 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54139D79-95D5-4ED2-88FD-BA98BCB9914F}\mpengine.dll
2011-11-19 15:30 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-19 15:30 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-11-19 15:30 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-11-19 15:30 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-19 15:30 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-19 15:30 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-19 15:30 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-11-19 15:30 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-19 15:30 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:30 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-11-19 15:30 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-11-19 15:29 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-19 15:29 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-19 15:29 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-19 15:28 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2011-11-19 15:28 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-11-19 15:28 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-19 15:28 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-19 15:28 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-19 15:28 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-19 15:21 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-19 15:21 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-19 15:21 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-19 15:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-19 15:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-19 15:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-11-19 15:21 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-19 15:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 01:39 . 2011-10-26 01:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-07-06 02:37 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-06 02:37 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-07-05 03:19 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-06 02:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-07-06 02:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-06 02:38 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-06 02:38 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-06 02:38 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-07-06 02:38 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReadyComm"="c:\program files (x86)\Lenovo\ReadyComm\ReadyComm.exe" [2008-07-24 425984]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2009-10-12 53600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IdeaNotesUser"="c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OnekeyDM"="c:\program files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe" [2008-12-23 471552]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2009-05-15 3112960]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2008-10-22 5593088]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2008-10-31 8853392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Karla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Navigator.lnk - c:\program files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe [2008-12-26 328704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R2 slsvc32;Software Licensing ;c:\windows\system32\lxcipplc32.exe [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 funfrm;funfrm; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-25 2152152]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [2009-10-12 336224]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 434176]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-25 17152]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ IncSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 04:11]
.
2011-11-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 03:45]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 03:45]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003Core.job
- c:\users\Karla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 02:53]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003UA.job
- c:\users\Karla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 02:53]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-05-15 20:22 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-31 1657128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 200216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCItime.dll" [2006-11-21 31744]
"lxcimon.exe"="c:\program files (x86)\Lexmark 7300 Series\lxcimon.exe" [2007-02-02 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7300 Series\ezprint.exe" [2007-02-02 103344]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm018YYus&ptb=B779AB42-5993-43F2-9569-8E280E5B5E81
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.live.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{7CC570A2-BE7B-4750-BD61-97CAEFD53BF2}: NameServer = 9.0.8.1,9.0.9.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: [email protected] - c:\users\Karla\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Lexmark 7300 Series - c:\program files (x86) (x86)\Lexmark 7300 Series\Install\x64\Uninst.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-496822439-3291657786-1735164273-1003\`*z* ]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:39,37,53,88,b9,2e,be,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\SysWOW64\IgrsSvcs.exe
c:\program files (x86)\AT&T Global Network Client\netcfgsvr.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\progra~2\AT&TGL~1\NETLOG~1.EXE
.
**************************************************************************
.
Completion time: 2011-11-25 16:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 21:32
.
Pre-Run: 185,467,351,040 bytes free
Post-Run: 185,315,983,360 bytes free
.
- - End Of File - - 8921C03053B6A73189514ED7259C6A1F

TDSSKiller
16:37:02.0104 2696 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:37:02.0681 2696 ============================================================
16:37:02.0681 2696 Current date / time: 2011/11/25 16:37:02.0681
16:37:02.0681 2696 SystemInfo:
16:37:02.0681 2696
16:37:02.0681 2696 OS Version: 6.0.6002 ServicePack: 2.0
16:37:02.0681 2696 Product type: Workstation
16:37:02.0681 2696 ComputerName: FARNSLEYHOME
16:37:02.0681 2696 UserName: Karla
16:37:02.0681 2696 Windows directory: C:\Windows
16:37:02.0681 2696 System windows directory: C:\Windows
16:37:02.0681 2696 Running under WOW64
16:37:02.0681 2696 Processor architecture: Intel x64
16:37:02.0681 2696 Number of processors: 2
16:37:02.0681 2696 Page size: 0x1000
16:37:02.0681 2696 Boot type: Normal boot
16:37:02.0681 2696 ============================================================
16:37:03.0196 2696 Initialize success
16:37:11.0511 4220 ============================================================
16:37:11.0511 4220 Scan started
16:37:11.0511 4220 Mode: Manual;
16:37:11.0511 4220 ============================================================
16:37:12.0135 4220 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:37:12.0150 4220 ACPI - ok
16:37:12.0291 4220 ACPIVPC (92545d2529b54df737204fe35d6042d1) C:\Windows\system32\DRIVERS\AcpiVpc.sys
16:37:12.0291 4220 ACPIVPC - ok
16:37:12.0384 4220 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:37:12.0384 4220 adp94xx - ok
16:37:12.0494 4220 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:37:12.0509 4220 adpahci - ok
16:37:12.0618 4220 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:37:12.0634 4220 adpu160m - ok
16:37:12.0650 4220 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:37:12.0665 4220 adpu320 - ok
16:37:12.0806 4220 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:37:12.0806 4220 AFD - ok
16:37:12.0946 4220 agnfilt (dbd5e77237a1780af4b18a2411a12fcd) C:\Windows\system32\DRIVERS\agnfilt.sys
16:37:12.0946 4220 agnfilt - ok
16:37:13.0149 4220 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:37:13.0149 4220 agp440 - ok
16:37:13.0336 4220 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:37:13.0336 4220 aic78xx - ok
16:37:13.0430 4220 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:37:13.0430 4220 aliide - ok
16:37:13.0476 4220 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:37:13.0476 4220 amdide - ok
16:37:13.0554 4220 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:37:13.0554 4220 AmdK8 - ok
16:37:13.0726 4220 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:37:13.0742 4220 arc - ok
16:37:13.0788 4220 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:37:13.0788 4220 arcsas - ok
16:37:13.0882 4220 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
16:37:13.0882 4220 aswFsBlk - ok
16:37:13.0944 4220 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
16:37:13.0944 4220 aswMonFlt - ok
16:37:13.0976 4220 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
16:37:13.0976 4220 aswRdr - ok
16:37:14.0054 4220 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
16:37:14.0054 4220 aswSnx - ok
16:37:14.0163 4220 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
16:37:14.0163 4220 aswSP - ok
16:37:14.0241 4220 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
16:37:14.0256 4220 aswTdi - ok
16:37:14.0381 4220 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:37:14.0381 4220 AsyncMac - ok
16:37:14.0444 4220 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
16:37:14.0444 4220 atapi - ok
16:37:14.0584 4220 avpnnic (9ac8e84eb4b3b56ea705968a9c2b4c3f) C:\Windows\system32\DRIVERS\avpnnic.sys
16:37:14.0600 4220 avpnnic - ok
16:37:14.0662 4220 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:37:14.0678 4220 b57nd60a - ok
16:37:14.0787 4220 Beep - ok
16:37:14.0865 4220 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:37:14.0865 4220 blbdrive - ok
16:37:14.0974 4220 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:37:14.0974 4220 bowser - ok
16:37:15.0052 4220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:37:15.0052 4220 BrFiltLo - ok
16:37:15.0130 4220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:37:15.0130 4220 BrFiltUp - ok
16:37:15.0192 4220 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:37:15.0208 4220 Brserid - ok
16:37:15.0270 4220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:37:15.0270 4220 BrSerWdm - ok
16:37:15.0317 4220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:37:15.0317 4220 BrUsbMdm - ok
16:37:15.0380 4220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:37:15.0380 4220 BrUsbSer - ok
16:37:15.0458 4220 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:37:15.0473 4220 BTHMODEM - ok
16:37:15.0473 4220 catchme - ok
16:37:15.0567 4220 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:37:15.0567 4220 cdfs - ok
16:37:15.0660 4220 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:37:15.0660 4220 cdrom - ok
16:37:15.0738 4220 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:37:15.0738 4220 circlass - ok
16:37:15.0848 4220 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:37:15.0848 4220 CLFS - ok
16:37:15.0972 4220 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:37:15.0972 4220 CmBatt - ok
16:37:16.0019 4220 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:37:16.0019 4220 cmdide - ok
16:37:16.0066 4220 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:37:16.0082 4220 Compbatt - ok
16:37:16.0144 4220 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:37:16.0144 4220 crcdisk - ok
16:37:16.0316 4220 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:37:16.0316 4220 DfsC - ok
16:37:16.0425 4220 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:37:16.0425 4220 disk - ok
16:37:16.0518 4220 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:37:16.0518 4220 drmkaud - ok
16:37:16.0659 4220 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
16:37:16.0674 4220 DXGKrnl - ok
16:37:16.0815 4220 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:37:16.0815 4220 E1G60 - ok
16:37:16.0877 4220 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:37:16.0877 4220 Ecache - ok
16:37:17.0049 4220 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:37:17.0049 4220 elxstor - ok
16:37:17.0189 4220 enecir (228e8badcb14bf178a4aa4cfb7adebc8) C:\Windows\system32\DRIVERS\enecir.sys
16:37:17.0189 4220 enecir - ok
16:37:17.0283 4220 enecirhid (b0b0c493609e40bd9e1b8f2aa9ccbedc) C:\Windows\system32\DRIVERS\enecirhid.sys
16:37:17.0283 4220 enecirhid - ok
16:37:17.0330 4220 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys
16:37:17.0330 4220 enecirhidma - ok
16:37:17.0361 4220 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:37:17.0361 4220 ErrDev - ok
16:37:17.0470 4220 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:37:17.0470 4220 exfat - ok
16:37:17.0517 4220 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:37:17.0532 4220 fastfat - ok
16:37:17.0642 4220 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:37:17.0642 4220 fdc - ok
16:37:17.0688 4220 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:37:17.0688 4220 FileInfo - ok
16:37:17.0720 4220 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:37:17.0720 4220 Filetrace - ok
16:37:17.0766 4220 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:37:17.0766 4220 flpydisk - ok
16:37:17.0844 4220 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:37:17.0844 4220 FltMgr - ok
16:37:17.0954 4220 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:37:17.0954 4220 Fs_Rec - ok
16:37:18.0000 4220 funfrm (65fb4713df24f56557e148b8503f5dea) C:\Windows\system32\drivers\funfrm.sys
16:37:18.0000 4220 funfrm - ok
16:37:18.0125 4220 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:37:18.0125 4220 gagp30kx - ok
16:37:18.0328 4220 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
16:37:18.0344 4220 HdAudAddService - ok
16:37:18.0468 4220 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:37:18.0484 4220 HDAudBus - ok
16:37:18.0609 4220 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:37:18.0609 4220 HidBth - ok
16:37:18.0656 4220 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:37:18.0656 4220 HidIr - ok
16:37:18.0796 4220 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:37:18.0796 4220 HidUsb - ok
16:37:18.0874 4220 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:37:18.0890 4220 HpCISSs - ok
16:37:19.0030 4220 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:37:19.0046 4220 HTTP - ok
16:37:19.0155 4220 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:37:19.0155 4220 i2omp - ok
16:37:19.0202 4220 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:37:19.0217 4220 i8042prt - ok
16:37:19.0358 4220 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
16:37:19.0373 4220 iaStor - ok
16:37:19.0420 4220 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:37:19.0420 4220 iaStorV - ok
16:37:19.0748 4220 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:37:19.0950 4220 igfx - ok
16:37:20.0075 4220 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:37:20.0075 4220 iirsp - ok
16:37:20.0278 4220 IntcAzAudAddService (f734f6464e8b28712a9ec9eb447c5b92) C:\Windows\system32\drivers\RTKVHD64.sys
16:37:20.0294 4220 IntcAzAudAddService - ok
16:37:20.0418 4220 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
16:37:20.0418 4220 IntcHdmiAddService - ok
16:37:20.0496 4220 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:37:20.0496 4220 intelide - ok
16:37:20.0559 4220 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:37:20.0559 4220 intelppm - ok
16:37:20.0668 4220 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:37:20.0668 4220 IpFilterDriver - ok
16:37:20.0730 4220 IpInIp - ok
16:37:20.0777 4220 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:37:20.0793 4220 IPMIDRV - ok
16:37:20.0855 4220 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:37:20.0871 4220 IPNAT - ok
16:37:20.0933 4220 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:37:20.0933 4220 IRENUM - ok
16:37:21.0027 4220 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:37:21.0027 4220 isapnp - ok
16:37:21.0089 4220 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:37:21.0089 4220 iScsiPrt - ok
16:37:21.0136 4220 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:37:21.0136 4220 iteatapi - ok
16:37:21.0245 4220 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:37:21.0245 4220 iteraid - ok
16:37:21.0308 4220 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:37:21.0323 4220 k57nd60a - ok
16:37:21.0432 4220 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:37:21.0432 4220 kbdclass - ok
16:37:21.0464 4220 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:37:21.0464 4220 kbdhid - ok
16:37:21.0604 4220 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:37:21.0604 4220 KSecDD - ok
16:37:21.0713 4220 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:37:21.0713 4220 ksthunk - ok
16:37:21.0869 4220 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
16:37:21.0869 4220 Lavasoft Kernexplorer - ok
16:37:21.0994 4220 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:37:21.0994 4220 Lbd - ok
16:37:22.0025 4220 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:37:22.0041 4220 lltdio - ok
16:37:22.0166 4220 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
16:37:22.0166 4220 LPCFilter - ok
16:37:22.0228 4220 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:37:22.0244 4220 LSI_FC - ok
16:37:22.0337 4220 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:37:22.0337 4220 LSI_SAS - ok
16:37:22.0368 4220 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:37:22.0384 4220 LSI_SCSI - ok
16:37:22.0400 4220 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:37:22.0400 4220 luafv - ok
16:37:22.0540 4220 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:37:22.0540 4220 megasas - ok
16:37:22.0587 4220 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:37:22.0587 4220 MegaSR - ok
16:37:22.0712 4220 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:37:22.0712 4220 Modem - ok
16:37:22.0743 4220 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:37:22.0743 4220 monitor - ok
16:37:22.0836 4220 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:37:22.0836 4220 mouclass - ok
16:37:22.0930 4220 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:37:22.0946 4220 mouhid - ok
16:37:23.0008 4220 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:37:23.0008 4220 MountMgr - ok
16:37:23.0086 4220 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:37:23.0086 4220 mpio - ok
16:37:23.0180 4220 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:37:23.0180 4220 mpsdrv - ok
16:37:23.0258 4220 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:37:23.0258 4220 Mraid35x - ok
16:37:23.0367 4220 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:37:23.0367 4220 MRxDAV - ok
16:37:23.0429 4220 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:23.0429 4220 mrxsmb - ok
16:37:23.0554 4220 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:23.0554 4220 mrxsmb10 - ok
16:37:23.0585 4220 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:23.0601 4220 mrxsmb20 - ok
16:37:23.0648 4220 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
16:37:23.0648 4220 msahci - ok
16:37:23.0741 4220 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:37:23.0741 4220 msdsm - ok
16:37:23.0788 4220 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:37:23.0788 4220 Msfs - ok
16:37:23.0850 4220 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:37:23.0850 4220 msisadrv - ok
16:37:23.0975 4220 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:37:23.0975 4220 MSKSSRV - ok
16:37:24.0038 4220 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:24.0038 4220 MSPCLOCK - ok
16:37:24.0053 4220 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:37:24.0053 4220 MSPQM - ok
16:37:24.0178 4220 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:37:24.0178 4220 MsRPC - ok
16:37:24.0287 4220 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:37:24.0287 4220 mssmbios - ok
16:37:24.0334 4220 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:37:24.0334 4220 MSTEE - ok
16:37:24.0381 4220 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:37:24.0381 4220 Mup - ok
16:37:24.0521 4220 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:37:24.0521 4220 NativeWifiP - ok
16:37:24.0615 4220 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:37:24.0615 4220 NDIS - ok
16:37:24.0724 4220 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:24.0724 4220 NdisTapi - ok
16:37:24.0755 4220 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:24.0771 4220 Ndisuio - ok
16:37:24.0818 4220 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:24.0818 4220 NdisWan - ok
16:37:24.0942 4220 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:37:24.0942 4220 NDProxy - ok
16:37:24.0958 4220 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:37:24.0958 4220 NetBIOS - ok
16:37:25.0020 4220 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:37:25.0036 4220 netbt - ok
16:37:25.0317 4220 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
16:37:25.0442 4220 NETw5v64 - ok
16:37:25.0551 4220 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:37:25.0551 4220 nfrd960 - ok
16:37:25.0613 4220 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:37:25.0613 4220 Npfs - ok
16:37:25.0644 4220 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:37:25.0660 4220 nsiproxy - ok
16:37:25.0847 4220 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:37:25.0863 4220 Ntfs - ok
16:37:25.0988 4220 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:37:25.0988 4220 Null - ok
16:37:26.0019 4220 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:37:26.0034 4220 nvraid - ok
16:37:26.0050 4220 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:37:26.0050 4220 nvstor - ok
16:37:26.0081 4220 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:37:26.0097 4220 nv_agp - ok
16:37:26.0175 4220 NwlnkFlt - ok
16:37:26.0190 4220 NwlnkFwd - ok
16:37:26.0237 4220 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
16:37:26.0237 4220 ohci1394 - ok
16:37:26.0284 4220 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:37:26.0284 4220 Parport - ok
16:37:26.0393 4220 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:37:26.0393 4220 partmgr - ok
16:37:26.0456 4220 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:37:26.0456 4220 pci - ok
16:37:26.0487 4220 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:37:26.0487 4220 pciide - ok
16:37:26.0596 4220 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:37:26.0596 4220 pcmcia - ok
16:37:26.0643 4220 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:37:26.0658 4220 PEAUTH - ok
16:37:26.0846 4220 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:37:26.0846 4220 PptpMiniport - ok
16:37:26.0877 4220 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:37:26.0877 4220 Processor - ok
16:37:27.0033 4220 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:37:27.0033 4220 PSched - ok
16:37:27.0111 4220 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:37:27.0142 4220 ql2300 - ok
16:37:27.0251 4220 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:37:27.0251 4220 ql40xx - ok
16:37:27.0298 4220 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:37:27.0298 4220 QWAVEdrv - ok
16:37:27.0314 4220 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:37:27.0314 4220 RasAcd - ok
16:37:27.0470 4220 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:37:27.0470 4220 Rasl2tp - ok
16:37:27.0501 4220 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:37:27.0501 4220 RasPppoe - ok
16:37:27.0516 4220 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:37:27.0516 4220 RasSstp - ok
16:37:27.0657 4220 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:37:27.0672 4220 rdbss - ok
16:37:27.0766 4220 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:37:27.0766 4220 RDPCDD - ok
16:37:27.0828 4220 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:37:27.0828 4220 rdpdr - ok
16:37:27.0953 4220 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:37:27.0953 4220 RDPENCDD - ok
16:37:28.0016 4220 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:37:28.0016 4220 RDPWD - ok
16:37:28.0187 4220 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:37:28.0187 4220 RimVSerPort - ok
16:37:28.0218 4220 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
16:37:28.0218 4220 ROOTMODEM - ok
16:37:28.0343 4220 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:37:28.0343 4220 rspndr - ok
16:37:28.0421 4220 RTSTOR (e7f397f7f4bf9a5c221a9c647acba8bf) C:\Windows\system32\drivers\RTSTOR64.SYS
16:37:28.0421 4220 RTSTOR - ok
16:37:28.0530 4220 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:37:28.0530 4220 sbp2port - ok
16:37:28.0593 4220 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
16:37:28.0593 4220 sdbus - ok
16:37:28.0624 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:37:28.0624 4220 secdrv - ok
16:37:28.0749 4220 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:37:28.0749 4220 Serenum - ok
16:37:28.0796 4220 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:37:28.0811 4220 Serial - ok
16:37:28.0827 4220 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:37:28.0827 4220 sermouse - ok
16:37:28.0952 4220 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:37:28.0952 4220 sffdisk - ok
16:37:28.0967 4220 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:37:28.0967 4220 sffp_mmc - ok
16:37:28.0998 4220 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:37:28.0998 4220 sffp_sd - ok
16:37:29.0014 4220 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:37:29.0014 4220 sfloppy - ok
16:37:29.0030 4220 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:37:29.0045 4220 SiSRaid2 - ok
16:37:29.0061 4220 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:37:29.0061 4220 SiSRaid4 - ok
16:37:29.0217 4220 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:37:29.0232 4220 Smb - ok
16:37:29.0279 4220 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:37:29.0295 4220 spldr - ok
16:37:29.0435 4220 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:37:29.0451 4220 srv - ok
16:37:29.0560 4220 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:37:29.0560 4220 srv2 - ok
16:37:29.0576 4220 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:37:29.0591 4220 srvnet - ok
16:37:29.0732 4220 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:37:29.0732 4220 swenum - ok
16:37:29.0794 4220 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys
16:37:29.0794 4220 swmsflt - ok
16:37:29.0841 4220 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:37:29.0841 4220 Symc8xx - ok
16:37:29.0934 4220 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:37:29.0934 4220 Sym_hi - ok
16:37:29.0997 4220 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:37:30.0012 4220 Sym_u3 - ok
16:37:30.0122 4220 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
16:37:30.0122 4220 SynTP - ok
16:37:30.0246 4220 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:37:30.0262 4220 Tcpip - ok
16:37:30.0434 4220 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:37:30.0449 4220 Tcpip6 - ok
16:37:30.0574 4220 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:37:30.0574 4220 tcpipreg - ok
16:37:30.0621 4220 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:37:30.0621 4220 TDPIPE - ok
16:37:30.0730 4220 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:37:30.0730 4220 TDTCP - ok
16:37:30.0792 4220 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:37:30.0792 4220 tdx - ok
16:37:30.0839 4220 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:37:30.0839 4220 TermDD - ok
16:37:30.0964 4220 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:37:30.0964 4220 tssecsrv - ok
16:37:30.0995 4220 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:37:31.0011 4220 tunmp - ok
16:37:31.0011 4220 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
16:37:31.0026 4220 tunnel - ok
16:37:31.0058 4220 tvtumon (2a0e28b8ccaa8282170ab3e6767b77ac) C:\Windows\system32\DRIVERS\tvtumon.sys
16:37:31.0058 4220 tvtumon - ok
16:37:31.0182 4220 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:37:31.0182 4220 uagp35 - ok
16:37:31.0229 4220 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:37:31.0245 4220 udfs - ok
16:37:31.0385 4220 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:37:31.0385 4220 uliagpkx - ok
16:37:31.0416 4220 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:37:31.0432 4220 uliahci - ok
16:37:31.0541 4220 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:37:31.0541 4220 UlSata - ok
16:37:31.0572 4220 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:37:31.0588 4220 ulsata2 - ok
16:37:31.0604 4220 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:37:31.0604 4220 umbus - ok
16:37:31.0760 4220 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:37:31.0760 4220 usbccgp - ok
16:37:31.0806 4220 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:37:31.0822 4220 usbcir - ok
16:37:31.0947 4220 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:37:31.0962 4220 usbehci - ok
16:37:31.0994 4220 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:37:32.0009 4220 usbhub - ok
16:37:32.0118 4220 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
16:37:32.0118 4220 usbohci - ok
16:37:32.0150 4220 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:37:32.0150 4220 usbprint - ok
16:37:32.0274 4220 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:37:32.0274 4220 usbscan - ok
16:37:32.0321 4220 usbsmi (73344578614f76d0d82fa71714f6a241) C:\Windows\system32\DRIVERS\SMIksdrv.sys
16:37:32.0321 4220 usbsmi - ok
16:37:32.0446 4220 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:37:32.0446 4220 USBSTOR - ok
16:37:32.0493 4220 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:37:32.0508 4220 usbuhci - ok
16:37:32.0618 4220 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
16:37:32.0633 4220 usbvideo - ok
16:37:32.0664 4220 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:37:32.0664 4220 vga - ok
16:37:32.0696 4220 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:37:32.0696 4220 VgaSave - ok
16:37:32.0805 4220 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:37:32.0805 4220 viaide - ok
16:37:32.0867 4220 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:37:32.0867 4220 volmgr - ok
16:37:33.0008 4220 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:37:33.0008 4220 volmgrx - ok
16:37:33.0117 4220 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:37:33.0117 4220 volsnap - ok
16:37:33.0164 4220 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:37:33.0164 4220 vsmraid - ok
16:37:33.0257 4220 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:37:33.0257 4220 WacomPen - ok
16:37:33.0304 4220 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:37:33.0304 4220 Wanarp - ok
16:37:33.0320 4220 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:37:33.0320 4220 Wanarpv6 - ok
16:37:33.0382 4220 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:37:33.0382 4220 Wd - ok
16:37:33.0476 4220 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:37:33.0491 4220 Wdf01000 - ok
16:37:33.0678 4220 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:37:33.0678 4220 WimFltr - ok
16:37:33.0772 4220 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:37:33.0772 4220 WmiAcpi - ok
16:37:33.0928 4220 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
16:37:33.0928 4220 WpdUsb - ok
16:37:33.0959 4220 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:37:33.0959 4220 ws2ifsl - ok
16:37:34.0100 4220 WSVD (ecdd6cd8d31adf2048ddd1666b53de5c) C:\Windows\system32\drivers\WSVD.sys
16:37:34.0100 4220 WSVD - ok
16:37:34.0131 4220 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:37:34.0146 4220 WUDFRd - ok
16:37:34.0224 4220 MBR (0x1B8) (cfec0bc28e237ab24b54aebeb03049fb) \Device\Harddisk0\DR0
16:37:34.0505 4220 \Device\Harddisk0\DR0 - ok
16:37:34.0505 4220 Boot (0x1200) (153e23039f635ef60bd0b3a1e1f0455f) \Device\Harddisk0\DR0\Partition0
16:37:34.0505 4220 \Device\Harddisk0\DR0\Partition0 - ok
16:37:34.0536 4220 Boot (0x1200) (64f5118db992107a4bb9c9c2b7886e3d) \Device\Harddisk0\DR0\Partition1
16:37:34.0536 4220 \Device\Harddisk0\DR0\Partition1 - ok
16:37:34.0536 4220 ============================================================
16:37:34.0536 4220 Scan finished
16:37:34.0536 4220 ============================================================
16:37:34.0568 4388 Detected object count: 0
16:37:34.0568 4388 Actual detected object count: 0
16:38:15.0081 3720 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 16:39:59
-----------------------------
16:39:59.334 OS Version: Windows x64 6.0.6002 Service Pack 2
16:39:59.335 Number of processors: 2 586 0x170A
16:39:59.336 ComputerName: FARNSLEYHOME UserName: Karla
16:40:01.029 Initialize success
16:40:01.190 AVAST engine defs: 11112501
16:40:38.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:38.183 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
16:40:38.206 Disk 0 MBR read successfully
16:40:38.210 Disk 0 MBR scan
16:40:38.214 Disk 0 unknown MBR code
16:40:38.218 Service scanning
16:40:39.809 Modules scanning
16:40:39.813 Scan finished successfully
16:40:54.371 Disk 0 MBR has been saved successfully to "C:\Users\Karla\Desktop\MBR.dat"
16:40:54.373 The log file has been saved successfully to "C:\Users\Karla\Desktop\aswMBR.txt"


OTL logfile created on: 11/25/2011 4:42:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karla\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.12% Memory free
8.11 Gb Paging File | 6.24 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 172.06 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.44 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: FARNSLEYHOME | User Name: Karla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Karla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
PRC - C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe (AT&T)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\SysWOW64\SBarHook.DLL ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.dll ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.en.dll ()
MOD - C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll ()
MOD - C:\Program Files (x86)\Lexmark 7300 Series\lxcidrec.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DKService.exe (Diskeeper Corporation)
SRV:64bit: - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxci_device) -- C:\Windows\SysNative\lxcicoms.exe ( )
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (DDNIService) -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (NetLogSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
SRV - (netcfgsvr) -- C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe (AT&T)
SRV - (NetClientSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IncSvc) -- C:\Windows\SysWow64\IgrsSvcs.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (lxci_device) -- C:\Windows\SysWow64\lxcicoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (agnfilt) -- C:\Windows\SysNative\DRIVERS\agnfilt.sys (AT&T)
DRV:64bit: - (avpnnic) -- C:\Windows\SysNative\DRIVERS\avpnnic.sys (AT&T)
DRV:64bit: - (funfrm) -- C:\Windows\SysNative\drivers\funfrm.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\DRIVERS\SMIksdrv.sys (SMI)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tvtumon) -- C:\Windows\SysNative\DRIVERS\tvtumon.sys (Lenovo)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (CyberLink)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...69-8E280E5B5E81
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuideEI\Installr\2.bin\NP2vEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/03 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Karla\AppData\Roaming\Move Networks [2009/05/28 22:06:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2009/05/28 13:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Extensions
[2010/02/03 14:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\eclipse1\extensions
[2011/11/25 15:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions
[2011/03/08 20:01:39 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/03 17:07:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 11:31:56 | 000,009,946 | ---- | M] () -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\searchplugins\DailyBibleGuide.xml
[2011/11/25 14:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/18 19:48:38 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 17:35:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/05/28 22:06:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\KARLA\APPDATA\ROAMING\MOVE NETWORKS
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://stp.startnow....ion=6.0-x64-SP2
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: avast! WebRep = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Facetheme = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: Skype Extension = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\

O1 HOSTS File: ([2011/11/25 16:13:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [ReadyComm] C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O4 - Startup: C:\Users\Karla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC570A2-BE7B-4750-BD61-97CAEFD53BF2}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9BED840-E2A9-423C-B4A3-06F5B5ECE05C}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 16:39:13 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Karla\Desktop\aswMBR.exe
[2011/11/25 16:35:51 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Karla\Desktop\tdsskiller.exe
[2011/11/25 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/25 16:32:59 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Local\temp
[2011/11/25 16:13:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/25 15:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/25 15:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/25 15:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/25 15:41:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/25 15:41:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/25 15:39:02 | 004,307,453 | R--- | C] (Swearware) -- C:\Users\Karla\Desktop\ComboFix.exe
[2011/11/25 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Roaming\Malwarebytes
[2011/11/25 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 15:20:28 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 15:17:52 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Karla\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/25 14:42:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 09:56:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/25 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Local\Apps
[2011/11/24 23:12:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:09:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/24 23:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/21 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/19 10:31:28 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/19 10:31:28 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/19 10:31:27 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/19 10:31:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/19 10:31:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/19 10:31:27 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/19 10:31:27 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/19 10:31:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/19 10:31:27 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/19 10:31:27 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/19 10:31:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/19 10:31:26 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/11/19 10:31:26 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/11/19 10:31:24 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/11/19 10:30:52 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/11/19 10:30:52 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/11/19 10:30:52 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/19 10:30:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/11/19 10:30:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/11/19 10:30:51 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/19 10:30:07 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/11/19 10:30:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/11/19 10:28:58 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011/11/19 10:21:14 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/19 10:21:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/19 10:21:14 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/19 10:21:14 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/19 10:21:14 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/11/19 10:21:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/11/19 10:21:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/11/19 10:21:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/26 18:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2009/06/14 18:24:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
[2009/06/14 18:24:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
[2009/06/14 18:24:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
[2009/06/14 18:24:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
[2009/06/14 18:24:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
[2009/06/14 18:24:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
[2009/06/14 18:24:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
[2009/06/14 18:24:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
[2009/06/14 18:24:19 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
[2009/06/14 18:24:19 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
[2009/06/14 18:24:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
[2009/06/14 18:24:19 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
[2009/06/14 18:24:19 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
[2009/06/14 18:24:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
[2009/06/14 18:24:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
[2009/01/12 08:00:35 | 001,526,576 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax9f.exe

========== Files - Modified Within 30 Days ==========

[2011/11/25 16:40:54 | 000,000,512 | ---- | M] () -- C:\Users\Karla\Desktop\MBR.dat
[2011/11/25 16:39:22 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Karla\Desktop\aswMBR.exe
[2011/11/25 16:36:03 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Karla\Desktop\tdsskiller.exe
[2011/11/25 16:35:31 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job
[2011/11/25 16:32:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 16:31:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003UA.job
[2011/11/25 16:22:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/25 16:18:44 | 000,756,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 16:18:44 | 000,642,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 16:18:44 | 000,118,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 16:13:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/25 16:12:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 16:11:08 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 16:11:04 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/11/25 16:10:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:10:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:10:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 15:39:19 | 004,307,453 | R--- | M] (Swearware) -- C:\Users\Karla\Desktop\ComboFix.exe
[2011/11/25 15:20:32 | 000,000,972 | ---- | M] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:20:32 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:18:04 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Karla\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/25 09:56:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/24 23:12:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:11:57 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/22 10:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003Core.job
[2011/11/21 21:35:53 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/20 21:44:46 | 000,033,355 | ---- | M] () -- C:\Users\Karla\Documents\Employment Search information.odt
[2011/11/20 15:36:36 | 000,022,996 | ---- | M] () -- C:\Users\Karla\Documents\Balance of Dad's cash.ods
[2011/11/20 08:58:34 | 000,020,291 | ---- | M] () -- C:\Users\Karla\Documents\Unemployment Account Balances.ods
[2011/11/19 11:40:01 | 000,408,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/19 11:17:07 | 000,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/19 11:12:08 | 000,000,422 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011/11/18 11:33:01 | 000,002,004 | ---- | M] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 11:33:00 | 000,002,042 | ---- | M] () -- C:\Users\Karla\Desktop\Google Chrome.lnk
[2011/11/10 22:31:08 | 000,011,197 | ---- | M] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 12:47:27 | 000,010,660 | ---- | M] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/11/25 16:40:54 | 000,000,512 | ---- | C] () -- C:\Users\Karla\Desktop\MBR.dat
[2011/11/25 15:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 15:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 15:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 15:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 15:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 15:20:32 | 000,000,972 | ---- | C] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:20:32 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 09:32:33 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 01:02:16 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/21 21:35:53 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/06 22:21:30 | 000,011,197 | ---- | C] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 11:08:11 | 000,010,660 | ---- | C] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/05 20:44:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/07/05 20:43:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/07/05 20:42:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/07 21:22:53 | 000,012,288 | ---- | C] () -- C:\Users\Karla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 07:51:18 | 000,217,942 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/14 18:54:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/06/14 18:53:30 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2009/06/14 18:53:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/06/14 18:24:19 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
[2009/06/14 18:24:19 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
[2009/05/15 15:22:30 | 002,101,248 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2009/05/15 15:22:01 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/05/15 15:21:51 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2009/05/15 15:11:28 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\SBarHook.DLL
[2009/05/15 14:55:05 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/05/15 14:55:02 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/15 14:55:00 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/01/12 07:28:33 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/12 07:04:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/27 20:29:00 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\OnekeyDM.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

OTL Extras logfile created on: 11/25/2011 4:42:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karla\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.12% Memory free
8.11 Gb Paging File | 6.24 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 172.06 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.44 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: FARNSLEYHOME | User Name: Karla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 26 D4 E3 EB 83 3B CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B34C2-242E-411F-AB20-AAD83EEE7ADF}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{043D8326-D2EC-4C04-85D2-2D8C1EC8945A}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{142E3591-31D9-4E91-BA34-36F5AD149C75}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{17C45F7C-FDF7-4DDC-8871-AA8BA59143C1}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{4446E6A6-167D-4A38-9CB6-F9DBE3DA3C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\at&t global network client\netclient.exe |
"{52A15E3F-2C71-421F-9FBD-CC6C4820C073}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{6599E7BA-8CF1-4535-9E63-40FD15B3246A}" = protocol=17 | dir=in | app=c:\program files (x86)\at&t global network client\netclient.exe |
"{82313C93-1BDF-477E-8C2F-29F4FB3236CE}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{8362FBF1-D0E7-44FD-9206-8C098BAAEE99}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{8F94E13B-5E55-451D-AB96-65CB6F88F1C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{930EF80C-BC20-4C00-A795-7D8EE56FE960}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{A16C591B-04C2-42AA-BC50-170273213374}" = protocol=6 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{AE843560-ED1D-4C61-B444-61147E49BA82}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{CBA450E5-F089-42D7-B9F1-EA1832D90255}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{DD1852F0-AF65-461D-AF65-48DE5ADF4105}" = protocol=17 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{E363D595-4CC4-4AFB-877E-5EFB3D5E8BC3}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{F0E158D3-6532-4CEC-9D7F-0B33171CF565}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{F51B4B50-046A-4946-828B-476DB095B9DB}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{FA5AFA03-3A2F-4F25-9C07-0A8166930ED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{386065BF-51B7-4E9D-8C7A-575DCB8818F2}C:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe |
"UDP Query User{DD365AE1-9669-4BC2-AAD4-0BE5A9E2B3C9}C:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BE46F7-166A-4716-8603-75518EA54B3F}" = Driver Installer
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{27FF7C6D-8E44-4BB4-BD17-955EA0CFA373}" = Diskeeper 2008 Professional
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7D4044978059DC8916896568EDDF0E875D1FA4EC" = Windows Driver Package - Lenovo (ACPIVPC) System (10/15/2008 3.1.0.1)
"87B8039CA0CD7A68D9536013C2495013C4B4B168" = Windows Driver Package - ENE (enecir) HIDClass (11/19/2008 2.7.0.2)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{720264BB-47DB-4728-9B00-AEA049576F48}" = Lenovo Idea Notes
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EFDD7E37-19B9-42BC-8200-4680F52ED786}" = AT&T Global Network Client LaptopConnect Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cooking Dash - DinerTown Studios" = Cooking Dash - DinerTown Studios (remove only)
"Diner Dash 2" = Diner Dash 2
"EasyCapture3.5" = EasyCapture
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"InstallShield_{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"Lenovo Idea Central" = Lenovo Idea Central
"Lexmark 7300 Series" = Lexmark 7300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Picasa 3" = Picasa 3
"StartNow Toolbar" = StartNow Toolbar
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Home Sweet Home" = Home Sweet Home
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2011 8:45:45 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/9/2011 9:35:57 PM | Computer Name = FarnsleyHome | Source = Windows Search Service | ID = 3013
Description =

Error - 11/10/2011 10:39:23 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2011 6:24:12 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2011 6:27:01 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/11/2011 6:27:08 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/13/2011 10:07:04 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2011 11:38:37 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2011 9:56:43 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

Error - 11/15/2011 9:51:20 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/1/2010 8:30:37 PM | Computer Name = FarnsleyHome | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/7/2011 1:48:06 PM | Computer Name = FarnsleyHome | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/19/2011 12:13:24 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/19/2011 12:20:42 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 11/22/2011 6:26:25 PM | Computer Name = FarnsleyHome | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 0022FAB92EBE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/25/2011 10:32:31 AM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7009
Description =

Error - 11/25/2011 10:32:31 AM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7000
Description =

Error - 11/25/2011 4:40:42 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7034
Description =

Error - 11/25/2011 4:52:20 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7030
Description =

Error - 11/25/2011 4:59:41 PM | Computer Name = FarnsleyHome | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/25/2011 5:09:20 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7030
Description =

Error - 11/25/2011 5:11:07 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#4
RKinner
    Malware Expert
  • Expert
  • 24,598 posts
  • MVP
Uninstall
Java™ 6 Update 22 - obsolete. Go to Java.com and get the latest version.
Adobe Reader 8.1.2 - obsolete. Go to adobe.com and get the latest version.
StartNow Toolbar - Foistware of no use.

There is still a stealth process on the PC.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version is usually at: C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt
If it found something, please copy and paste the log into a reply.

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Ron

#5
HunterAce
    Member
  • Topic Starter
  • Member
  • 27 posts
OK. The avast scan found an item. Unfortunately, the log was overwritten before I got it. I went to the avast interface and found this info for what went into the chest on 11/26. Virus: win32: pup-gen [pup]. File name was 00075179.exe.

process explorer log:
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 62.34 0 K 24 K
Interrupts n/a 33.04 0 K 0 K Hardware Interrupts and DPCs
procexp64.exe 3664 3.84 21,476 K 32,988 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 708 0.77 141,244 K 144,864 K Host Process for Windows Services Microsoft Corporation
dwm.exe 3236 < 0.01 40,332 K 44,836 K Desktop Window Manager Microsoft Corporation
System 4 < 0.01 0 K 42,292 K
firefox.exe 4136 < 0.01 137,328 K 189,176 K Firefox Mozilla Corporation
IGRS.exe 1760 < 0.01 5,272 K 29,956 K IGRS Protocol Stack Lenovo Group Limited
igfxsrvc.exe 3416 < 0.01 3,708 K 7,448 K igfxsrvc Module Intel Corporation
plugin-container.exe 4752 < 0.01 22,124 K 69,932 K Plugin Container for Firefox Mozilla Corporation
svchost.exe 856 < 0.01 118,512 K 135,096 K Host Process for Windows Services Microsoft Corporation
explorer.exe 3288 < 0.01 40,496 K 66,232 K Windows Explorer Microsoft Corporation
WmiPrvSE.exe 308 < 0.01 5,652 K 9,856 K WMI Provider Host Microsoft Corporation
WrtProc.exe 3164 < 0.01 2,056 K 26,736 K NsWrtProc Microsoft Base Clase Application
csrss.exe 716 < 0.01 3,592 K 7,864 K Client Server Runtime Process Microsoft Corporation
svchost.exe 312 < 0.01 6,660 K 10,260 K Host Process for Windows Services Microsoft Corporation
hkcmd.exe 3728 < 0.01 3,248 K 6,484 K hkcmd Module Intel Corporation
AvastSvc.exe 1364 < 0.01 31,884 K 38,404 K avast! Service AVAST Software
AvastUI.exe 3156 < 0.01 6,428 K 41,232 K avast! Antivirus AVAST Software
DKService.exe 648 < 0.01 11,424 K 17,488 K Diskeeper Service(b) Diskeeper Corporation
lsm.exe 824 < 0.01 3,656 K 5,660 K Local Session Manager Service Microsoft Corporation
UpdateMonitor.exe 2504 < 0.01 5,176 K 32,440 K System Repair Application Lenovo Group Limited
AAWService.exe 1380 < 0.01 73,028 K 97,972 K Ad-Aware Service Application Lavasoft Limited
WrtMon.exe 3948 < 0.01 2,156 K 26,416 K NsWrtMon Microsoft Base Class Application
svchost.exe 680 < 0.01 17,196 K 16,040 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 1052 < 0.01 108,320 K 22,656 K Microsoft Windows Search Indexer Microsoft Corporation
Energy Management.exe 2600 < 0.01 2,588 K 36,816 K Lenovo Energy Management Software Lenovo (Beijing) Limited
SearchProtocolHost.exe 4116 < 0.01 7,576 K 11,632 K Microsoft Windows Search Protocol Host Microsoft Corporation
taskeng.exe 3308 < 0.01 11,656 K 13,680 K Task Scheduler Engine Microsoft Corporation
svchost.exe 3968 < 0.01 5,164 K 9,140 K Host Process for Windows Services Microsoft Corporation
SynTPEnh.exe 3712 < 0.01 4,304 K 10,380 K Synaptics TouchPad Enhancements Synaptics, Inc.
spoolsv.exe 1856 < 0.01 7,832 K 13,264 K Spooler SubSystem App Microsoft Corporation
wuauclt.exe 3804 3,876 K 7,336 K Windows Update Microsoft Corporation
winlogon.exe 776 3,312 K 7,400 K Windows Logon Application Microsoft Corporation
wininit.exe 724 2,324 K 5,164 K Windows Start-Up Application Microsoft Corporation
VSSVC.exe 4576 15,460 K 22,044 K Microsoft® Volume Shadow Copy Service Microsoft Corporation
utility.exe 2608 8,328 K 11,168 K Lenovo Battery Management Software Ver3.0 Lenovo(beijing) Limited
unsecapp.exe 4088 3,528 K 6,436 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
unsecapp.exe 1188 3,188 K 5,488 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskeng.exe 4536 2,760 K 6,724 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 3260 3,256 K 7,384 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 3740 1,888 K 3,948 K Synaptics Pointing Device Helper Synaptics, Inc.
svchost.exe 976 4,360 K 8,500 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1136 9,764 K 16,080 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1236 32,252 K 35,216 K Host Process for Windows Services Microsoft Corporation
svchost.exe 356 82,332 K 40,724 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1880 15,772 K 19,684 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2324 3,400 K 6,928 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2488 5,292 K 8,676 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2584 1,664 K 3,432 K Host Process for Windows Services Microsoft Corporation
sqlwriter.exe 2444 4,904 K 8,136 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlbrowser.exe 2412 1,828 K 7,744 K SQL Browser Service EXE Microsoft Corporation
soffice.exe 3656 1,640 K 27,504 K OpenOffice.org 3.1 OpenOffice.org
soffice.bin 1712 8,236 K 88,060 K OpenOffice.org 3.1 OpenOffice.org
smss.exe 524 492 K 992 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1096 8,720 K 10,656 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 804 3,804 K 8,624 K Services and Controller app Microsoft Corporation
SearchFilterHost.exe 2580 5,792 K 9,956 K Microsoft Windows Search Filter Host Microsoft Corporation
RichVideo.exe 2360 1,828 K 22,840 K RichVideo Module
ReadyComm.exe 3956 15,500 K 43,244 K Lenovo ReadyComm Lenovo Group Limited
RAVCpl64.exe 3884 12,212 K 12,148 K HD Audio Control Panel Realtek Semiconductor
procexp.exe 4248 2,556 K 31,016 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PManage.exe 3224 3,244 K 30,244 K VeriFace Tray Icon Manager Lenovo
OnekeyDM.exe 3672 2,904 K 6,324 K OnekeyDM MFC Application
NETLOG~1.EXE 3692 2,024 K 24,908 K Network client logging service AT&T
NetClientSvc.exe 2276 1,868 K 10,708 K AT&T Global Network Client Service AT&T
netcfgsvr.exe 2120 3,700 K 45,276 K Network configuration service AT&T
msiexec.exe 4824 25,452 K 39,352 K Windows® installer Microsoft Corporation
lxcimon.exe 3920 2,308 K 22,996 K Lexmark Device Monitor Lexmark International, Inc.
lxcicoms.exe 2084 4,452 K 6,952 K Printer Communication System
lsass.exe 816 5,100 K 4,568 K Local Security Authority Process Microsoft Corporation
issch.exe 3644 2,708 K 30,484 K InstallShield Update Service Scheduler InstallShield Software Corporation
IgrsSvcs.exe 1432 9,232 K 46,892 K Host Process for Windows Services Microsoft Corporation
igfxtray.exe 3720 2,836 K 6,060 K igfxTray Module Intel Corporation
igfxpers.exe 3768 2,712 K 6,028 K persistence Module Intel Corporation
igfxext.exe 3632 2,436 K 5,784 K igfxext Module Intel Corporation
IAANTmon.exe 2684 3,796 K 27,776 K RAID Monitor Intel Corporation
IAAnotif.exe 3704 3,692 K 27,916 K Event Monitor User Notification Tool Intel Corporation
ezprint.exe 3940 5,252 K 38,460 K Lexmark Fast Pics Application Lexmark International Inc.
ehtray.exe 3984 3,500 K 2,212 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 4036 2,260 K 5,432 K Media Center Media Status Aggregator Service Microsoft Corporation
DesktopNavigator.exe 3420 50,644 K 126,324 K DesktopNavigator Lenovo
DDNIService.exe 4392 3,260 K 27,232 K DIBS Service Digital Delivery Networks, Inc.
DDNIMSGUser.exe 3548 2,096 K 24,340 K User Account Digital Delivery Networks, Inc.
DDNIMSGService.exe 4356 1,928 K 13,128 K Caravan Service Digital Delivery Networks, Inc.
csrss.exe 672 3,004 K 7,700 K Client Server Runtime Process Microsoft Corporation
BcmSqlStartupSvc.exe 1148 1,600 K 21,948 K BCM SQL Startup Service Microsoft Corporation
audiodg.exe 1068 16,508 K 19,652 K Windows Audio Device Graph Isolation Microsoft Corporation
AAWTray.exe 2232 3,280 K 23,948 K Ad-Aware Tray Application Lavasoft Limited


results.log was blank. I ran it twice and it scanned twice, but when clicking save nothing was in the log file.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
This is ugly:

Interrupts n/a 33.04 0 K 0 K Hardware Interrupts and DPCs

Normally it's about 1 %. Going to slow things down a whole lot.

Get Autoruns from:
http://live.sysinter...om/autoruns.exe

Save it to your desktop and right click and run as admin.

It's a little slow coming up so be patient. Once it finishes scanning, do File, Save, (to your desktop), SAVE. Then if you can, zip up the autoruns.arn file and attach it to your next post. If you can't zip it then just change the .arn to .txt and attach it.
  • 0
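The observation above, that the Interrupts/DPC pseudo-process sitting at 33% CPU points at a misbehaving driver, is the kind of check that is easy to automate when a Process Explorer export is pasted into a thread. The following is an added example, not a tool from this thread or from Sysinternals: it parses the tab-delimited text that Process Explorer writes with File, Save (the sample lines below are constructed to match the thread's numbers) and flags two things a helper looks for first: an Interrupts row far above the ~1% baseline, and processes that report no company name, which is a cue to verify the file's publisher rather than proof of anything. The 5% threshold is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of a Process Explorer "File > Save" export
# (tab-delimited). Values are illustrative, modelled on the thread's numbers.
SAMPLE_LOG = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name",
    "Interrupts\tn/a\t33.04\t0 K\t0 K\tHardware Interrupts and DPCs\t",
    "procexp64.exe\t3664\t3.84\t21,476 K\t32,988 K\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com",
    "svchost.exe\t708\t0.77\t141,244 K\t144,864 K\tHost Process for Windows Services\tMicrosoft Corporation",
    "System\t4\t< 0.01\t0 K\t42,292 K\t\t",
    "RichVideo.exe\t2360\t\t1,828 K\t22,840 K\tRichVideo Module\t",
    "lxcicoms.exe\t2084\t\t4,452 K\t6,952 K\tPrinter Communication System\t",
    "wuauclt.exe\t3804\t\t3,876 K\t7,336 K\tWindows Update\tMicrosoft Corporation",
])


@dataclass
class ProcRow:
    name: str
    pid: Optional[int]      # None for pseudo-processes such as Interrupts ("n/a")
    cpu: float              # "< 0.01" and blank cells are treated as 0.0
    private_kb: int
    working_set_kb: int
    description: str
    company: str


def _kb(cell: str) -> int:
    """Turn '21,476 K' into 21476; blank cells become 0."""
    digits = re.sub(r"[^\d]", "", cell)
    return int(digits) if digits else 0


def _cpu(cell: str) -> float:
    """Turn the CPU column into a float; '< 0.01' and blank are 0.0."""
    cell = cell.strip()
    if not cell or cell.startswith("<"):
        return 0.0
    try:
        return float(cell)
    except ValueError:
        return 0.0


def parse_procexp(text: str) -> List[ProcRow]:
    """Parse a tab-delimited Process Explorer export, skipping the header row."""
    rows: List[ProcRow] = []
    for line in text.splitlines()[1:]:
        parts = line.split("\t")
        if len(parts) < 7:
            continue  # malformed or truncated line; ignore rather than guess
        name, pid, cpu, priv, ws, desc, company = parts[:7]
        rows.append(ProcRow(
            name=name.strip(),
            pid=int(pid) if pid.strip().isdigit() else None,
            cpu=_cpu(cpu),
            private_kb=_kb(priv),
            working_set_kb=_kb(ws),
            description=desc.strip(),
            company=company.strip(),
        ))
    return rows


def triage(rows: List[ProcRow], interrupt_threshold: float = 5.0) -> List[str]:
    """Return human-readable findings; thresholds are illustrative assumptions."""
    findings: List[str] = []
    for r in rows:
        # A DPC/interrupt load far above the usual ~1% points at a driver problem.
        if r.name == "Interrupts" and r.cpu > interrupt_threshold:
            findings.append(
                f"Interrupts/DPC at {r.cpu:.2f}% CPU (baseline about 1%): "
                f"suspect a driver, review Autoruns > Drivers")
        # A real process with an empty Company Name deserves a publisher check.
        # PID 4 is the System pseudo-process and never carries a company.
        if r.pid is not None and r.pid != 4 and not r.company:
            findings.append(
                f"{r.name} (PID {r.pid}) reports no company name: "
                f"verify the file's signature and origin")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_procexp(SAMPLE_LOG)):
        print(finding)
```

Feeding a real export through `parse_procexp` works the same way; the only assumption is the tab-delimited layout of the saved file, and lines that do not match are skipped rather than misread.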

#7
HunterAce

HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
ok... the latest is attached as a zip. thank you!
For what it's worth, this laptop is running much faster than it was before we started this thread.

Attached Files


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Autoruns found something odd called netplap64.dll. Claims it is from AT&T but no hits on Google and it doesn't show up in any of the other scans. Run Autoruns again and click on the Winlogon tab. Find the NetPLAP entry and uncheck it. While you have Autoruns up you might as well go to Drivers and uncheck Beep and also
IpInIp
NwlnkFlt
NwlnkFwd

Close Autoruns and reboot. Run Process Explorer as before and post the log.

Ron
  • 0

#9
HunterAce

HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok. I think the AT&T dll was from an AT&T dialer I used for work at one time. It is extremely proprietary so I
am not surprised you didn't find details on it. I removed the program.

I unchecked the other items you mentioned and rebooted and then ran procexp again.

Attached is the 2nd run of proc explorer.

Attached Files


Edited by HunterAce, 26 November 2011 - 08:01 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs

Much improved anyway. Try OTL, Quickscan and let's see if the
PRC - File not found
line is still there.

Ron
  • 0

#11
HunterAce

HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ok here is the log.

Attached Files

  • Attached File  OTL.Txt   79.28KB   88 downloads

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
It's still there. Run TDSSKiller again but this time click on Change parameters and check the other two Additional Option items then run the Scan.

Ron
  • 0

#13
HunterAce

HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yep. it found one item. I skipped it. Log attached.

Attached Files


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Another AT&T file. Wonder if it is the culprit.

Go back into Autoruns and under Drivers, uncheck avpnnic, close autoruns and reboot then run OTL Quickscan and see if that makes a difference.
  • 0

#15
HunterAce

HunterAce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
yeah agn network adapter.

New OTL attached.

Attached Files

  • Attached File  OTL.Txt   78.63KB   88 downloads

  • 0