Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus/malware messing up my Win Firewall, DVD drive and printers [Solv

Started by JHGR , Dec 27 2011 10:38 PM

  • This topic is locked This topic is locked

#1
JHGR
Posted 27 December 2011 - 10:38 PM

JHGR

    Member

  • Member
  • PipPip
  • 20 posts
Hello,

Most times when I start my laptop, it does not start ok: on the desktop it displays a balloon on the lower right side of the screen saying that the Windows Firewall has been turned off. Then, the computer is extremely slow and I can't get to work almost any program. Turning it off takes about 15 minutes, so I force it to shut down pressing the on/off button for about 5-10 seconds. I have to do this about two to three times every day until it starts ok.

Besides, (I don't know if its related with the issue just described), but my DVD drive stopped working. It will not read any CD or DVD, not even music CDs. In a similar way, when printing to my Lexmark E120 displays an error. I tried reinstalling the printer driver with no success. Finally, I also use a HP C3180 multifunctional printer which I also can't get to work, not as a printer nor as as scanner. I tried numerous times installing drivers without success.

I use AVG Antivirus Free Edition 2012 and scans show no virus. Also, I have run several times a program called ADVANCED SYSTEM CARE with no notorious improvements.

I hope you can gladly help me with my issues. Thanks in advance!



As per indicated in the beginner's guide, here is the OTL log result:



OTL logfile created on: 27/12/2011 11:06:04 p.m. - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\IBM\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.46% Memory free
3.85 Gb Paging File | 2.75 Gb Available in Paging File | 71.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 42.04 Gb Free Space | 45.12% Space Free | Partition Type: NTFS

Computer Name: LENOVOT60 | User Name: IBM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 23:05:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM\My Documents\Downloads\OTL (1).exe
PRC - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/18 15:16:03 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/16 19:35:44 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/16 19:35:44 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2010/07/27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/01/06 02:13:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 15:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/08/14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/08/07 17:20:00 | 000,593,920 | ---- | M] ( ) -- C:\WINDOWS\system32\lmabcoms.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/06 12:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\AstSrv.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/18 15:16:03 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/13 07:42:24 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 07:42:14 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 07:41:56 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 07:41:05 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 07:28:44 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/13 07:28:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 07:28:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 07:28:07 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 07:26:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/13 07:26:10 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 23:45:28 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/12 23:45:11 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/12 23:45:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 23:44:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/03/06 04:11:30 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/27 17:57:16 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.24579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.24658__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.24560__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.24638__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.24575__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.24569__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:15 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.24659__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.24625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:15 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.24568__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:15 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:14 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.24608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.24570__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.24633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:14 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.24582__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.24602__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3559.24586__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.24585__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/01/27 17:57:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/01/27 17:57:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.24686__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.24653__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.24651__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.24667__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/01/27 17:57:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/01/27 17:57:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/01/27 17:57:10 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/01/27 17:57:10 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.24555__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/01/27 17:57:09 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.24565__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/01/27 17:57:09 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.24647__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/01/27 17:57:09 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.24574__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/01/27 17:57:09 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.24557__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/01/27 17:57:09 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.24559__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/01/27 17:57:09 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/01/27 17:57:08 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.24558__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/01/27 17:57:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.24557__90ba9c70f846762e\APM.Server.dll
MOD - [2010/01/27 17:57:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.24556__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/27 17:57:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/01/27 17:57:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.24652__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/01/27 17:57:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/01/06 02:13:00 | 000,051,712 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/01/06 02:13:00 | 000,031,744 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/08/14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/15 16:01:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/16 19:35:44 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/01/06 02:13:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 15:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/08/07 17:20:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/01/06 02:13:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 02:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/09/29 16:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/15 12:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Controlador del adaptador Intel®
DRV - [2009/08/17 15:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/09 13:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/03/13 15:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/23 17:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2008/07/23 17:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/11/01 17:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 17:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 17:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.co/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/12/23 11:47:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 11:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/09 12:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/18 15:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/09 12:52:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Expenses.co.in = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gplpdfhoildmmfmchmhhfgigfhehjdbn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: CashBase = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klehkbljbmijfgbokipcjeialaonhjlc\2.0.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Todo.ly = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\3.1.5_0\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\3.1.5_0\.svn\props\.svn-work
CHR - Extension: AccPal = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfegbccmkhhdpiegmliapflnacjnbndc\3.50_0\

O1 HOSTS File: ([2011/06/13 18:07:03 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.hamrick.com
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenov...etect/acpir.cab (IASRunner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1307752493812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpres...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F669F7-31BD-4DAB-8023-E180DA064FE7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/27 15:17:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\AutoRun\command - "" = D:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\Option1\Command - "" = D:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 15:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Application Data\Search Settings
[2011/12/24 15:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/24 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/24 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/12/18 15:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/16 19:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2011/12/15 18:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/15 13:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Credit Card Manager 2010
[2011/12/06 15:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/14 16:56:12 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll
[2011/06/14 16:56:12 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll
[2011/06/14 16:56:12 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll
[2011/06/14 16:56:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll
[2011/06/14 16:56:12 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll
[2011/06/14 16:56:12 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe
[2011/06/14 16:56:12 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll
[2011/06/14 16:56:12 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll
[2011/06/14 16:56:12 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll
[2011/06/14 16:56:12 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll
[2011/06/14 16:56:12 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll
[2011/06/14 16:56:12 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll
[2011/06/14 16:56:12 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll
[2011/06/12 17:40:44 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 23:07:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003UA.job
[2011/12/27 18:10:21 | 085,350,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/27 14:28:16 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8F8F65D-1600-4C55-81E3-F21FCC5DE45F}.job
[2011/12/27 08:16:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 08:15:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/12/27 08:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 18:29:35 | 000,178,546 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/26 08:07:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003Core.job
[2011/12/24 23:46:03 | 010,063,360 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Borreme.pps
[2011/12/18 23:52:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 19:16:43 | 000,034,211 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Ag0b7fdCIAE9hw2.jpg
[2011/12/16 08:48:50 | 000,363,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 21:14:27 | 000,000,032 | ---- | M] () -- C:\WINDOWS\gca631.INI
[2011/12/15 17:55:11 | 003,424,256 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\My Money.mny
[2011/12/13 22:22:42 | 000,157,780 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\PREC Col.JPG
[2011/12/05 21:57:42 | 000,318,132 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Lineas de tiempo PREC.JPG
[2011/11/30 16:00:27 | 000,004,543 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 17:12:39 | 010,063,360 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Borreme.pps
[2011/12/16 21:22:47 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/12/16 19:16:48 | 000,034,211 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Ag0b7fdCIAE9hw2.jpg
[2011/12/15 21:14:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\gca631.INI
[2011/12/13 22:22:41 | 000,157,780 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\PREC Col.JPG
[2011/12/12 21:43:24 | 003,424,256 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\My Money.mny
[2011/12/05 21:57:42 | 000,318,132 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Lineas de tiempo PREC.JPG
[2011/10/26 00:17:47 | 000,186,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/10 22:48:40 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2011/10/10 15:52:08 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 11:42:05 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011/08/01 11:39:33 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011/06/13 15:34:31 | 000,110,085 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/06/13 15:34:31 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/06/13 15:28:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/06/13 12:53:11 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/13 12:53:10 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/13 09:11:45 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011/06/13 09:11:43 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011/06/12 17:41:43 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2011/06/11 13:07:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\fusioncache.dat
[2011/06/11 12:58:44 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2011/06/11 12:58:44 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2011/06/11 12:58:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2011/06/11 12:58:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2011/06/11 12:58:44 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011/06/11 12:58:43 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2011/06/11 12:58:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2011/06/10 23:17:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/10 19:16:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/27 17:15:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/27 17:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/27 17:52:49 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/01/27 17:52:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/27 17:52:48 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/27 17:26:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/01/27 17:26:33 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/01/27 17:26:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/27 15:20:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 15:14:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/27 06:07:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/27 06:06:25 | 000,363,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 11:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/07/23 17:29:16 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/08/09 18:43:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,444,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,072,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/12/18 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/13 09:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/06/13 16:09:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/10 22:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/12/16 19:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/12/27 18:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/13 16:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/10/09 12:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaAccount
[2011/06/11 05:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/06/11 05:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/11/16 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2011/10/28 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\anpo.republika.pl
[2011/10/13 09:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\AVG Secure Search
[2011/10/13 09:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\AVG2012
[2011/08/10 12:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\BitTorrent
[2011/10/28 18:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\fltk.org
[2011/10/24 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\GARMIN
[2011/08/01 12:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Image Zone Express
[2011/12/16 19:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\IObit
[2011/10/11 00:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Nokia
[2011/10/11 00:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Nokia Ovi Suite
[2011/06/11 06:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\OpenOffice.org
[2011/06/11 05:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\PC Suite
[2011/12/24 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Search Settings
[2011/12/27 08:15:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2011/12/27 14:28:16 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8F8F65D-1600-4C55-81E3-F21FCC5DE45F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164

< End of report >
  • 0

Advertisements

#2
myrti
Posted 06 January 2012 - 06:34 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
safebootminimal
activex
drivers32
netsvcs
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti
  • 0

#3
JHGR
Posted 06 January 2012 - 08:14 AM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello Myrti and thanks in advance for your help.


Exactly what happens is:

* At least two out of three times when I start my Lenovo T60 laptop, a small balloon on the lower right corner says that the Windows Firewall has been turned off. As of this, the computer gets extemely slow. I cannot get it to work normally. Shutting off takes almost 15 minutes, so I forcedly shut it off by pressing the power button for about 10 seconds.

* When the computer works "ok", de DVD drive does not work at all. Doesn't read any type of media, not even music CDs. I don't use it much but once in a while i need it and some how it stopped working. I use it as a desktop computer so there are no issues related with transporting or hitting it. I think it is not a hadware issue.

* I have a Lexmark E120 laser printer whit will not print at all. The printer is ok, as it works flawlessly with my mothers and my girlfriends laptops. The problem is: I send any documento to print, the printers "on line" green button starts flashing as if it were to start printing, a pop up balloon on the lower right hand corner appears saying that the document failed to print pointing me to go to troubleshooting. I performed the stated procedures and verifications but could not resolve the problem.

* Finally, I also have a HP C3180 multifunction bubble jet printer/scanner. I installed all the drivers and printing/scanning software ok. Some day the computer would not recognize it as if it had been uninstalled although it showed up in the printers list. I tried uninstalling and reinstalling the driver/software. About two times I got it to work, but the next time I needed it the same problem came up. Now I have to scan (main purpose of this printer) from another computer).

As I mentioned in my firs post, I have used the free version of a program called Advanced System Care. It performs some cleaning of the system/registry but I cannot say my problems have been resolved. For the Firewall issue, it worked for about a week but now again I have the problem at startup. For the printers issue it has not helped at all.



As you stated, here below is the report of the OTL:


Regards, Jaime





OTL logfile created on: 06/01/2012 08:58:45 a.m. - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\IBM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000240A | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.78% Memory free
3.85 Gb Paging File | 2.93 Gb Available in Paging File | 76.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 41.81 Gb Free Space | 44.88% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 0.13 Gb Free Space | 3.50% Space Free | Partition Type: FAT32

Computer Name: LENOVOT60 | User Name: IBM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/06 08:56:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM\Desktop\OTL (2).exe
PRC - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/18 15:16:03 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/16 19:35:44 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/16 19:35:44 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2010/07/27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/01/06 02:13:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 15:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/08/14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/08/07 17:20:00 | 000,593,920 | ---- | M] ( ) -- C:\WINDOWS\system32\lmabcoms.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/06 12:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\AstSrv.exe
PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/02 16:19:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
MOD - [2012/01/02 16:19:32 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/18 15:16:03 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/10/13 07:41:56 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 07:41:05 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 07:28:44 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/13 07:28:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 07:28:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 07:28:07 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 07:26:12 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/13 07:26:10 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
MOD - [2011/10/12 23:45:28 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/12 23:45:11 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/12 23:45:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 23:44:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/03/06 04:11:30 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/01/27 17:57:16 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3559.24579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3559.24658__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3559.24560__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3559.24638__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3559.24575__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3559.24569__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:15 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3559.24659__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3559.24625__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:15 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3559.24568__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3559.24624__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:15 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3559.24619__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:14 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3559.24608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3559.24570__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3559.24633__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:14 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3559.24581__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:14 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3559.24617__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3559.24582__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3559.24602__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/01/27 17:57:13 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3559.24586__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/01/27 17:57:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3559.24606__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3559.24585__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3559.24607__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3559.24618__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/01/27 17:57:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/01/27 17:57:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/01/27 17:57:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/01/27 17:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/01/27 17:57:12 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/01/27 17:57:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/01/27 17:57:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3559.24686__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3559.24653__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3559.24651__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/01/27 17:57:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3559.24667__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/01/27 17:57:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/01/27 17:57:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/01/27 17:57:10 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/01/27 17:57:10 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/01/27 17:57:10 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/01/27 17:57:10 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3559.24555__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/01/27 17:57:09 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3559.24565__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/01/27 17:57:09 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3559.24647__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/01/27 17:57:09 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3559.24574__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/01/27 17:57:09 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3559.24557__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/01/27 17:57:09 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3559.24559__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/01/27 17:57:09 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/01/27 17:57:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/01/27 17:57:08 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3559.24558__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/01/27 17:57:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3559.24557__90ba9c70f846762e\APM.Server.dll
MOD - [2010/01/27 17:57:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3559.24556__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/27 17:57:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/01/27 17:57:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3559.24652__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/01/27 17:57:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/01/06 02:13:00 | 000,051,712 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/01/06 02:13:00 | 000,031,744 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009/08/14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/15 16:01:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/18 15:16:22 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/16 19:35:44 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/01/06 02:13:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 02:13:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/09/24 15:03:58 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2009/09/21 15:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 15:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 15:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/08/07 17:20:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\LMabcoms.exe -- (lmab_device)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/01/06 02:13:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 02:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/09/29 16:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/15 12:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Controlador del adaptador Intel®
DRV - [2009/08/17 15:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/09 13:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/21 10:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/03/13 15:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/23 17:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2008/07/23 17:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/01 17:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 17:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 17:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.co/
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/12/23 11:47:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 11:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/09 12:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/18 15:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/09 12:52:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Expenses.co.in = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gplpdfhoildmmfmchmhhfgigfhehjdbn\1.0.0.0_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: CashBase = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klehkbljbmijfgbokipcjeialaonhjlc\2.0.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: MoneyTrail.net = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\maahemlihojmoclaacmfefmeggopnjdp\1.0.0.0_0\
CHR - Extension: Todo.ly = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\3.1.5_0\
CHR - Extension: Cuevana Stream = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\3.1.5_0\.svn\props\.svn-work
CHR - Extension: AccPal = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfegbccmkhhdpiegmliapflnacjnbndc\3.50_0\

O1 HOSTS File: ([2011/06/13 18:07:03 | 000,000,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.hamrick.com
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1292428093-776561741-1417001333-1003\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenov...etect/acpir.cab (IASRunner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1307752493812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpres...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F669F7-31BD-4DAB-8023-E180DA064FE7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/27 15:17:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d1a8c28-122e-11e0-a5a4-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\AutoRun\command - "" = D:\hbcd\wintools\autorun.exe
O33 - MountPoints2\{550ea390-28d6-11e0-8359-806d6172696f}\Shell\Option1\Command - "" = D:\hbcd\wintools\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Carpetas Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {83169D43-4660-4347-BC95-E9D6E6BE65CE} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 08:56:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IBM\Desktop\OTL (2).exe
[2012/01/03 18:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\.gconfd
[2012/01/03 18:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\.gconf
[2012/01/03 18:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\.gnome2_private
[2012/01/03 18:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\.gnome2
[2012/01/03 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\.gnucash
[2012/01/02 11:54:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/31 10:57:15 | 000,016,640 | R--- | C] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys
[2011/12/31 10:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\My Documents\My Albums
[2011/12/31 10:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Application Data\Arcsoft
[2011/12/31 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Palm
[2011/12/31 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Application Data\HotSync
[2011/12/31 10:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/12/31 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Palm
[2011/12/31 10:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\My Documents\Palm OS Desktop
[2011/12/24 15:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Application Data\Search Settings
[2011/12/24 15:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/24 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/24 15:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/12/18 15:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/16 19:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2011/12/15 18:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/15 13:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Credit Card Manager 2010
[2011/06/14 16:56:12 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll
[2011/06/14 16:56:12 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll
[2011/06/14 16:56:12 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll
[2011/06/14 16:56:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll
[2011/06/14 16:56:12 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll
[2011/06/14 16:56:12 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe
[2011/06/14 16:56:12 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll
[2011/06/14 16:56:12 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll
[2011/06/14 16:56:12 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll
[2011/06/14 16:56:12 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll
[2011/06/14 16:56:12 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll
[2011/06/14 16:56:12 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll
[2011/06/14 16:56:12 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll
[2011/06/12 17:40:44 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/06 08:56:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM\Desktop\OTL (2).exe
[2012/01/06 08:27:38 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/06 08:24:00 | 086,106,953 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/06 08:07:03 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003UA.job
[2012/01/06 08:07:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003Core.job
[2012/01/06 07:26:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/06 07:25:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 21:06:36 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8F8F65D-1600-4C55-81E3-F21FCC5DE45F}.job
[2012/01/05 17:57:08 | 000,186,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/03 18:47:18 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\IBM\.recently-used.xbel
[2012/01/03 18:42:41 | 000,003,415 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash
[2012/01/03 18:42:41 | 000,003,392 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103184241.gnucash
[2012/01/03 18:37:38 | 000,003,420 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103183738.gnucash
[2012/01/03 18:32:36 | 000,003,296 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103183236.gnucash
[2012/01/02 17:37:13 | 000,001,296 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\gRALES dic 2011.PDF
[2012/01/02 16:16:53 | 000,444,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 16:16:53 | 000,072,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/31 11:21:23 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\IBM\Application Data\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk
[2011/12/31 10:56:24 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/12/31 10:55:34 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2011/12/24 23:46:03 | 010,063,360 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Borreme.pps
[2011/12/18 23:52:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/16 19:16:43 | 000,034,211 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Ag0b7fdCIAE9hw2.jpg
[2011/12/16 08:48:50 | 000,363,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 21:14:27 | 000,000,032 | ---- | M] () -- C:\WINDOWS\gca631.INI
[2011/12/15 17:55:11 | 003,424,256 | ---- | M] () -- C:\Documents and Settings\IBM\My Documents\My Money.mny
[2011/12/13 22:22:42 | 000,157,780 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\PREC Col.JPG
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 18:47:18 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\IBM\.recently-used.xbel
[2012/01/03 18:42:41 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103184241.gnucash
[2012/01/03 18:37:38 | 000,003,420 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103183738.gnucash
[2012/01/03 18:32:36 | 000,003,296 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash.20120103183236.gnucash
[2012/01/03 18:22:53 | 000,003,415 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\Cuentas JHGR 2011.gnucash
[2012/01/02 17:37:35 | 000,001,296 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\gRALES dic 2011.PDF
[2011/12/31 10:56:24 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/12/31 10:55:34 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2011/12/24 17:12:39 | 010,063,360 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Borreme.pps
[2011/12/16 21:22:47 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/12/16 19:16:48 | 000,034,211 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Ag0b7fdCIAE9hw2.jpg
[2011/12/15 21:14:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\gca631.INI
[2011/12/13 22:22:41 | 000,157,780 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\PREC Col.JPG
[2011/12/12 21:43:24 | 003,424,256 | ---- | C] () -- C:\Documents and Settings\IBM\My Documents\My Money.mny
[2011/10/26 00:17:47 | 000,186,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/10 22:48:40 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2011/10/10 15:52:08 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 11:42:05 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011/08/01 11:39:33 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011/06/13 15:34:31 | 000,110,085 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/06/13 15:34:31 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/06/13 15:28:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/06/13 12:53:11 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/13 12:53:10 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/13 09:11:45 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011/06/13 09:11:43 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011/06/12 17:41:43 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2011/06/11 13:07:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\fusioncache.dat
[2011/06/11 12:58:44 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2011/06/11 12:58:44 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2011/06/11 12:58:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2011/06/11 12:58:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2011/06/11 12:58:44 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011/06/11 12:58:43 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2011/06/11 12:58:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2011/06/10 23:17:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/10 19:16:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/27 17:15:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/27 17:59:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/27 17:52:49 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/01/27 17:52:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/27 17:52:48 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/01/27 17:26:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/01/27 17:26:33 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/01/27 17:26:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/27 15:20:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 15:14:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/27 06:07:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/27 06:06:25 | 000,363,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/14 11:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/07/23 17:29:16 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/08/09 18:43:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/04/11 13:14:14 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,444,616 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,072,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/01/27 06:05:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/01/27 06:05:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/01/27 06:05:34 | 000,917,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164

< End of report >
  • 0

#4
myrti
Posted 06 January 2012 - 10:07 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

ok, could you please run a scan with gmer too:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • 0

#5
JHGR
Posted 08 January 2012 - 08:25 AM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Myrti,

Did what you indicated. Had to run GMER in Safe Mode, as the system halted when I started scanning process. Any way, the scan took about 3 hours. Is this normal? I hope so.

Here is the log result. Thanks again for your help.


JG






GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 09:13:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST910021AS rev.4.06
Running: ls3fcwi0.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxldipog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[792] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\AuxUserType\2
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\AuxUserType\2@ Picture
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\Conversion\Readable
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\Conversion\Readable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\Conversion\Readable\Main@ 8,PBrush
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\DataFormats\DefaultFile
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\DataFormats\DefaultFile@ 8
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\DataFormats\GetSet
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\DataFormats\GetSet\0
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\DataFormats\GetSet\0@ 8,1,1,3
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\MiscStatus@ 536
Reg HKLM\SOFTWARE\Classes\CLSID\{6E2D96FE-BA28-139B-B4BC-08AFBC7E58FB}\ProgID@ StaticDib

---- EOF - GMER 1.0.15 ----
  • 0

#6
myrti
Posted 08 January 2012 - 08:51 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingc...to-use-combofix
  • 0

#7
JHGR
Posted 08 January 2012 - 11:39 PM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Just performed the ComboFix scan. It installed the Windows Recovery Console and after the tests, this is the result log file.

Thanks again,

JG






ComboFix 12-01-09.01 - IBM 09/01/2012 0:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1390 [GMT -5:00]
Running from: c:\documents and settings\IBM\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\IBM\g2mdlhlpx.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2b952feff58fbf0d.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b0a58b4575fc9175.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\spool\prtprocs\w32x86\LMACK54C.DLL
c:\windows\system32\spool\prtprocs\w32x86\LMACKC4C.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-08 12:03 . 2012-01-08 12:03 -------- d-----w- c:\documents and settings\Administrator
2012-01-03 23:14 . 2012-01-03 23:15 -------- d-----w- c:\documents and settings\IBM\.gconf
2012-01-03 23:14 . 2012-01-03 23:14 -------- d-----w- c:\documents and settings\IBM\.gnome2
2012-01-03 23:14 . 2012-01-03 23:47 -------- d-----w- c:\documents and settings\IBM\.gnucash
2011-12-31 15:57 . 2007-12-04 22:10 16640 ----a-r- c:\windows\system32\drivers\PalmUSBD.sys
2011-12-31 15:56 . 2011-12-31 15:56 -------- d-----w- c:\documents and settings\IBM\Application Data\Arcsoft
2011-12-31 15:55 . 2011-12-31 15:55 -------- d-----w- c:\documents and settings\IBM\Application Data\HotSync
2011-12-31 15:55 . 2011-12-31 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
2011-12-31 15:54 . 2011-12-31 15:55 -------- d-----w- c:\program files\Palm
2011-12-24 20:31 . 2011-12-24 20:31 -------- d-----w- c:\documents and settings\IBM\Application Data\Search Settings
2011-12-24 20:31 . 2011-12-24 20:31 -------- d-----w- c:\program files\Application Updater
2011-12-24 20:31 . 2011-12-24 20:31 -------- d-----w- c:\program files\IObit Toolbar
2011-12-24 20:31 . 2011-12-24 20:31 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-18 20:16 . 2011-12-18 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2011-12-18 20:13 . 2011-12-18 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2011-12-17 02:22 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-15 18:08 . 2011-12-16 02:14 -------- d-----w- c:\program files\Credit Card Manager 2010
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 09:05 . 2011-07-05 21:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2008-04-14 06:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-04-14 10:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 10:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 10:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 05:07 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 10:42 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 10:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2008-04-14 05:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 10:41 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-26 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-18 20:15 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-18 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-17 619352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-05-21 55048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-01-06 513384]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-18 892768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 22:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Correval\\Acciones\\ActualizacioneTrader.exe"=
"c:\\Program Files\\Correval\\Acciones\\COR.exe"=
"c:\\Program Files\\Correval\\Acciones\\ConfigurarProxyCliente.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Program Files\\Lexmark\\Scanback\\scanwiz.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 04:27 p.m. 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 a.m. 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [13/06/2011 09:11 a.m. 24304]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [13/06/2011 12:53 p.m. 13496]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16/06/2010 01:44 p.m. 20592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 a.m. 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 02:19 p.m. 295248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12/05/2008 07:04 p.m. 13480]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [16/12/2011 07:35 p.m. 494424]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [14/12/2011 01:13 p.m. 748440]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [11/06/2011 12:58 p.m. 57344]
R2 avgwd;WatchDog de AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 a.m. 192776]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [13/06/2011 09:11 a.m. 132456]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [13/06/2011 12:53 p.m. 820568]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/06/2011 09:11 a.m. 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 03:47 p.m. 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [13/06/2011 09:49 a.m. 63928]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [18/12/2011 03:16 p.m. 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 09:42 p.m. 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 09:42 p.m. 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 09:42 p.m. 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 a.m. 4433248]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [13/06/2011 09:49 a.m. 45496]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [09/10/2011 12:52 p.m. 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [09/10/2011 12:52 p.m. 8576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 05:42 a.m. 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003Core.job
- c:\documents and settings\IBM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-10 23:47]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-776561741-1417001333-1003UA.job
- c:\documents and settings\IBM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-10 23:47]
.
2012-01-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-06-13 07:13]
.
2012-01-09 c:\windows\Tasks\User_Feed_Synchronization-{E8F8F65D-1600-4C55-81E3-F21FCC5DE45F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.co/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-09 00:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\sysset.dll
.
- - - - - - - > 'lsass.exe'(1272)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2012-01-09 00:33:37
ComboFix-quarantined-files.txt 2012-01-09 05:33
.
Pre-Run: 44,622,675,968 bytes free
Post-Run: 44,680,491,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2A7EC160470C6F50DF439BC40AD82351
  • 0

#8
myrti
Posted 09 January 2012 - 02:30 PM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

CF took out quite a lot. How is the PC doing now?

reagrds myrti
  • 0

#9
JHGR
Posted 09 January 2012 - 07:36 PM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Myrti,

Thanks a lot for your help! Well, certainly there has been quite an improvement. At least, the computer has no problem turning on. No more "firewall disabled" balloons. Also, the DVD drive is working OK. Later I'll backup some photos on DVD.

Unfortunately, there are still no printing or scanning functions...

Thanks,


JG
  • 0

#10
JHGR
Posted 10 January 2012 - 06:50 AM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Good morning,

Sorry to bother, please do not pay attention to my previous post. This morning the balloon with the "Your computer might be at risk. No firewall ir turned on" came up. I had to force it to shut down three times before it started working ok... DVD is working fine although I did no further tests on printing or scanning so I suppose that they are still not working, (like I said before).

Besides, something else came up: Last night something messed the internet scrolling, inadvertedly taking me to the lowest part of each page. The night before it also happended just before I turned off the computer for the day. I didn't pay much attention, but yesterday it repeated. I had to close and open Chrome again in order to get it working again.

Thanks,

JG
  • 0

Advertisements

#11
myrti
Posted 11 January 2012 - 04:30 PM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#12
JHGR
Posted 12 January 2012 - 08:47 AM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Good morning, Myrti:

Just ran the Farbar Service Scanner and this was the result log file.


Thanks,

JG





Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(10) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) WSIMD(9)
0x0B000000060000000100000002000000030000000400000005000000560000000A000000070000000800000009000000


**** End of log ****
  • 0

#13
myrti
Posted 12 January 2012 - 08:54 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

FSS seems to think your Win Firewall is running, can you confirm that?

regards myrti
  • 0

#14
JHGR
Posted 12 January 2012 - 09:05 AM

JHGR

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Yes, as a matter of fact, the Windows Firewall is running. My issue is that sometimes (most times, recently) when I start the computer some malware turns off the Firewall. It gets very slow and the only option is to force shut it down. This process I have to perform at least a couple of times until the computer starts ok, and most things run fine (except for printer/scanners) and the firewall remains tuned on as well.

Thanks,


JG
  • 0

#15
myrti
Posted 12 January 2012 - 09:12 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

as a next step please uninstall the Iobit toolbar and/or searchsettings. This is bloatware that is installed along with any software from iobit and collects data on your search behaviour and is generally undesirable.

Regarding your printer: You were able to use it before the infection, right? What happens when you uninstall the printer? What happens when you reinstall it?

Next time the Windows Firewall doesn't start, please try to run a scan with FSS again.

regards myrti
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP