Ron,
Thank you for your hard work. I think I have attached all the logs below. - Brian
MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8240
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
11/25/2011 3:26:36 PM
mbam-log-2011-11-25 (15-26-36).txt
Scan type: Quick scan
Objects scanned: 171678
Time elapsed: 3 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 32
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{cbc5b60a-aa4d-45f6-84c2-d086f320299a} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Files Infected:
c:\program files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon.crx (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files (x86)\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.
COMBOFIX
ComboFix 11-11-25.02 - Karla 11/25/2011 15:46:53.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2157 [GMT -5:00]
Running from: c:\users\Karla\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\2vEIPlug.dll
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\2vEZSETP.dll
c:\program files (x86)\DailyBibleGuideEI\Installr\2.bin\NP2vEISb.dll
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\SPL7766.tmp
c:\programdata\SPL7FF3.tmp
c:\programdata\SPLBC21.tmp
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 21:10 . 2011-11-25 21:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54139D79-95D5-4ED2-88FD-BA98BCB9914F}\offreg.dll
2011-11-25 21:08 . 2011-11-25 21:14 -------- d-----w- c:\users\Karla\AppData\Local\temp
2011-11-25 21:08 . 2011-11-25 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\users\Karla\AppData\Roaming\Malwarebytes
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 20:20 . 2011-11-25 20:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-25 20:20 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 19:42 . 2011-11-25 19:42 -------- d-----w- C:\_OTL
2011-11-25 14:44 . 2011-11-25 14:44 -------- d-----w- c:\users\Karla\AppData\Local\Apps
2011-11-25 06:02 . 2011-11-25 04:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-25 04:12 . 2011-11-25 04:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-25 04:09 . 2011-11-25 04:09 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 04:09 . 2011-08-18 20:25 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-25 04:08 . 2011-11-25 04:09 -------- d-----w- c:\programdata\Lavasoft
2011-11-25 04:08 . 2011-11-25 04:08 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-19 16:14 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54139D79-95D5-4ED2-88FD-BA98BCB9914F}\mpengine.dll
2011-11-19 15:30 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-19 15:30 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-11-19 15:30 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-11-19 15:30 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-19 15:30 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-19 15:30 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-19 15:30 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-11-19 15:30 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-19 15:30 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:30 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-11-19 15:30 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-11-19 15:29 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-19 15:29 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-19 15:29 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-19 15:28 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2011-11-19 15:28 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-11-19 15:28 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-19 15:28 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-19 15:28 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-19 15:28 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-19 15:21 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-19 15:21 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-19 15:21 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-19 15:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-19 15:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-19 15:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-11-19 15:21 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-19 15:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 01:39 . 2011-10-26 01:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-07-06 02:37 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-06 02:37 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-07-05 03:19 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-06 02:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-07-06 02:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-06 02:38 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-06 02:38 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-06 02:38 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-07-06 02:38 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReadyComm"="c:\program files (x86)\Lenovo\ReadyComm\ReadyComm.exe" [2008-07-24 425984]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2009-10-12 53600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IdeaNotesUser"="c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OnekeyDM"="c:\program files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe" [2008-12-23 471552]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2009-05-15 3112960]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2008-10-22 5593088]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2008-10-31 8853392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Karla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Navigator.lnk - c:\program files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe [2008-12-26 328704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R2 slsvc32;Software Licensing ;c:\windows\system32\lxcipplc32.exe [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 funfrm;funfrm; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-25 2152152]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [2009-10-12 336224]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 434176]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-25 17152]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ IncSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 04:11]
.
2011-11-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 03:45]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 03:45]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003Core.job
- c:\users\Karla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 02:53]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003UA.job
- c:\users\Karla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 02:53]
.
2011-11-25 c:\windows\Tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-05-15 20:22 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-31 1657128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 200216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-26 6962208]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCItime.dll" [2006-11-21 31744]
"lxcimon.exe"="c:\program files (x86)\Lexmark 7300 Series\lxcimon.exe" [2007-02-02 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7300 Series\ezprint.exe" [2007-02-02 103344]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XMxdm018YYus&ptb=B779AB42-5993-43F2-9569-8E280E5B5E81
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.live.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{7CC570A2-BE7B-4750-BD61-97CAEFD53BF2}: NameServer = 9.0.8.1,9.0.9.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: [email protected] - c:\users\Karla\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Lexmark 7300 Series - c:\program files (x86) (x86)\Lexmark 7300 Series\Install\x64\Uninst.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-496822439-3291657786-1735164273-1003\`*z* ]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:39,37,53,88,b9,2e,be,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\SysWOW64\IgrsSvcs.exe
c:\program files (x86)\AT&T Global Network Client\netcfgsvr.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\progra~2\AT&TGL~1\NETLOG~1.EXE
.
**************************************************************************
.
Completion time: 2011-11-25 16:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 21:32
.
Pre-Run: 185,467,351,040 bytes free
Post-Run: 185,315,983,360 bytes free
.
- - End Of File - - 8921C03053B6A73189514ED7259C6A1F
TDSS:
16:37:02.0104 2696 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:37:02.0681 2696 ============================================================
16:37:02.0681 2696 Current date / time: 2011/11/25 16:37:02.0681
16:37:02.0681 2696 SystemInfo:
16:37:02.0681 2696
16:37:02.0681 2696 OS Version: 6.0.6002 ServicePack: 2.0
16:37:02.0681 2696 Product type: Workstation
16:37:02.0681 2696 ComputerName: FARNSLEYHOME
16:37:02.0681 2696 UserName: Karla
16:37:02.0681 2696 Windows directory: C:\Windows
16:37:02.0681 2696 System windows directory: C:\Windows
16:37:02.0681 2696 Running under WOW64
16:37:02.0681 2696 Processor architecture: Intel x64
16:37:02.0681 2696 Number of processors: 2
16:37:02.0681 2696 Page size: 0x1000
16:37:02.0681 2696 Boot type: Normal boot
16:37:02.0681 2696 ============================================================
16:37:03.0196 2696 Initialize success
16:37:11.0511 4220 ============================================================
16:37:11.0511 4220 Scan started
16:37:11.0511 4220 Mode: Manual;
16:37:11.0511 4220 ============================================================
16:37:12.0135 4220 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:37:12.0150 4220 ACPI - ok
16:37:12.0291 4220 ACPIVPC (92545d2529b54df737204fe35d6042d1) C:\Windows\system32\DRIVERS\AcpiVpc.sys
16:37:12.0291 4220 ACPIVPC - ok
16:37:12.0384 4220 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:37:12.0384 4220 adp94xx - ok
16:37:12.0494 4220 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:37:12.0509 4220 adpahci - ok
16:37:12.0618 4220 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:37:12.0634 4220 adpu160m - ok
16:37:12.0650 4220 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:37:12.0665 4220 adpu320 - ok
16:37:12.0806 4220 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:37:12.0806 4220 AFD - ok
16:37:12.0946 4220 agnfilt (dbd5e77237a1780af4b18a2411a12fcd) C:\Windows\system32\DRIVERS\agnfilt.sys
16:37:12.0946 4220 agnfilt - ok
16:37:13.0149 4220 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:37:13.0149 4220 agp440 - ok
16:37:13.0336 4220 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:37:13.0336 4220 aic78xx - ok
16:37:13.0430 4220 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:37:13.0430 4220 aliide - ok
16:37:13.0476 4220 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:37:13.0476 4220 amdide - ok
16:37:13.0554 4220 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:37:13.0554 4220 AmdK8 - ok
16:37:13.0726 4220 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:37:13.0742 4220 arc - ok
16:37:13.0788 4220 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:37:13.0788 4220 arcsas - ok
16:37:13.0882 4220 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
16:37:13.0882 4220 aswFsBlk - ok
16:37:13.0944 4220 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
16:37:13.0944 4220 aswMonFlt - ok
16:37:13.0976 4220 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
16:37:13.0976 4220 aswRdr - ok
16:37:14.0054 4220 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
16:37:14.0054 4220 aswSnx - ok
16:37:14.0163 4220 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
16:37:14.0163 4220 aswSP - ok
16:37:14.0241 4220 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
16:37:14.0256 4220 aswTdi - ok
16:37:14.0381 4220 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:37:14.0381 4220 AsyncMac - ok
16:37:14.0444 4220 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
16:37:14.0444 4220 atapi - ok
16:37:14.0584 4220 avpnnic (9ac8e84eb4b3b56ea705968a9c2b4c3f) C:\Windows\system32\DRIVERS\avpnnic.sys
16:37:14.0600 4220 avpnnic - ok
16:37:14.0662 4220 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:37:14.0678 4220 b57nd60a - ok
16:37:14.0787 4220 Beep - ok
16:37:14.0865 4220 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:37:14.0865 4220 blbdrive - ok
16:37:14.0974 4220 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:37:14.0974 4220 bowser - ok
16:37:15.0052 4220 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:37:15.0052 4220 BrFiltLo - ok
16:37:15.0130 4220 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:37:15.0130 4220 BrFiltUp - ok
16:37:15.0192 4220 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:37:15.0208 4220 Brserid - ok
16:37:15.0270 4220 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:37:15.0270 4220 BrSerWdm - ok
16:37:15.0317 4220 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:37:15.0317 4220 BrUsbMdm - ok
16:37:15.0380 4220 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:37:15.0380 4220 BrUsbSer - ok
16:37:15.0458 4220 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:37:15.0473 4220 BTHMODEM - ok
16:37:15.0473 4220 catchme - ok
16:37:15.0567 4220 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:37:15.0567 4220 cdfs - ok
16:37:15.0660 4220 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:37:15.0660 4220 cdrom - ok
16:37:15.0738 4220 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:37:15.0738 4220 circlass - ok
16:37:15.0848 4220 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:37:15.0848 4220 CLFS - ok
16:37:15.0972 4220 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:37:15.0972 4220 CmBatt - ok
16:37:16.0019 4220 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:37:16.0019 4220 cmdide - ok
16:37:16.0066 4220 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:37:16.0082 4220 Compbatt - ok
16:37:16.0144 4220 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:37:16.0144 4220 crcdisk - ok
16:37:16.0316 4220 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:37:16.0316 4220 DfsC - ok
16:37:16.0425 4220 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:37:16.0425 4220 disk - ok
16:37:16.0518 4220 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:37:16.0518 4220 drmkaud - ok
16:37:16.0659 4220 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
16:37:16.0674 4220 DXGKrnl - ok
16:37:16.0815 4220 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:37:16.0815 4220 E1G60 - ok
16:37:16.0877 4220 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:37:16.0877 4220 Ecache - ok
16:37:17.0049 4220 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:37:17.0049 4220 elxstor - ok
16:37:17.0189 4220 enecir (228e8badcb14bf178a4aa4cfb7adebc8) C:\Windows\system32\DRIVERS\enecir.sys
16:37:17.0189 4220 enecir - ok
16:37:17.0283 4220 enecirhid (b0b0c493609e40bd9e1b8f2aa9ccbedc) C:\Windows\system32\DRIVERS\enecirhid.sys
16:37:17.0283 4220 enecirhid - ok
16:37:17.0330 4220 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys
16:37:17.0330 4220 enecirhidma - ok
16:37:17.0361 4220 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:37:17.0361 4220 ErrDev - ok
16:37:17.0470 4220 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:37:17.0470 4220 exfat - ok
16:37:17.0517 4220 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:37:17.0532 4220 fastfat - ok
16:37:17.0642 4220 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:37:17.0642 4220 fdc - ok
16:37:17.0688 4220 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:37:17.0688 4220 FileInfo - ok
16:37:17.0720 4220 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:37:17.0720 4220 Filetrace - ok
16:37:17.0766 4220 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:37:17.0766 4220 flpydisk - ok
16:37:17.0844 4220 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:37:17.0844 4220 FltMgr - ok
16:37:17.0954 4220 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:37:17.0954 4220 Fs_Rec - ok
16:37:18.0000 4220 funfrm (65fb4713df24f56557e148b8503f5dea) C:\Windows\system32\drivers\funfrm.sys
16:37:18.0000 4220 funfrm - ok
16:37:18.0125 4220 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:37:18.0125 4220 gagp30kx - ok
16:37:18.0328 4220 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
16:37:18.0344 4220 HdAudAddService - ok
16:37:18.0468 4220 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:37:18.0484 4220 HDAudBus - ok
16:37:18.0609 4220 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:37:18.0609 4220 HidBth - ok
16:37:18.0656 4220 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:37:18.0656 4220 HidIr - ok
16:37:18.0796 4220 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:37:18.0796 4220 HidUsb - ok
16:37:18.0874 4220 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:37:18.0890 4220 HpCISSs - ok
16:37:19.0030 4220 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:37:19.0046 4220 HTTP - ok
16:37:19.0155 4220 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:37:19.0155 4220 i2omp - ok
16:37:19.0202 4220 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:37:19.0217 4220 i8042prt - ok
16:37:19.0358 4220 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
16:37:19.0373 4220 iaStor - ok
16:37:19.0420 4220 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:37:19.0420 4220 iaStorV - ok
16:37:19.0748 4220 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:37:19.0950 4220 igfx - ok
16:37:20.0075 4220 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:37:20.0075 4220 iirsp - ok
16:37:20.0278 4220 IntcAzAudAddService (f734f6464e8b28712a9ec9eb447c5b92) C:\Windows\system32\drivers\RTKVHD64.sys
16:37:20.0294 4220 IntcAzAudAddService - ok
16:37:20.0418 4220 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
16:37:20.0418 4220 IntcHdmiAddService - ok
16:37:20.0496 4220 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:37:20.0496 4220 intelide - ok
16:37:20.0559 4220 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:37:20.0559 4220 intelppm - ok
16:37:20.0668 4220 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:37:20.0668 4220 IpFilterDriver - ok
16:37:20.0730 4220 IpInIp - ok
16:37:20.0777 4220 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:37:20.0793 4220 IPMIDRV - ok
16:37:20.0855 4220 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:37:20.0871 4220 IPNAT - ok
16:37:20.0933 4220 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:37:20.0933 4220 IRENUM - ok
16:37:21.0027 4220 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:37:21.0027 4220 isapnp - ok
16:37:21.0089 4220 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:37:21.0089 4220 iScsiPrt - ok
16:37:21.0136 4220 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:37:21.0136 4220 iteatapi - ok
16:37:21.0245 4220 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:37:21.0245 4220 iteraid - ok
16:37:21.0308 4220 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:37:21.0323 4220 k57nd60a - ok
16:37:21.0432 4220 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:37:21.0432 4220 kbdclass - ok
16:37:21.0464 4220 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:37:21.0464 4220 kbdhid - ok
16:37:21.0604 4220 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:37:21.0604 4220 KSecDD - ok
16:37:21.0713 4220 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:37:21.0713 4220 ksthunk - ok
16:37:21.0869 4220 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
16:37:21.0869 4220 Lavasoft Kernexplorer - ok
16:37:21.0994 4220 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:37:21.0994 4220 Lbd - ok
16:37:22.0025 4220 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:37:22.0041 4220 lltdio - ok
16:37:22.0166 4220 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
16:37:22.0166 4220 LPCFilter - ok
16:37:22.0228 4220 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:37:22.0244 4220 LSI_FC - ok
16:37:22.0337 4220 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:37:22.0337 4220 LSI_SAS - ok
16:37:22.0368 4220 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:37:22.0384 4220 LSI_SCSI - ok
16:37:22.0400 4220 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:37:22.0400 4220 luafv - ok
16:37:22.0540 4220 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:37:22.0540 4220 megasas - ok
16:37:22.0587 4220 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:37:22.0587 4220 MegaSR - ok
16:37:22.0712 4220 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:37:22.0712 4220 Modem - ok
16:37:22.0743 4220 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:37:22.0743 4220 monitor - ok
16:37:22.0836 4220 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:37:22.0836 4220 mouclass - ok
16:37:22.0930 4220 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:37:22.0946 4220 mouhid - ok
16:37:23.0008 4220 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:37:23.0008 4220 MountMgr - ok
16:37:23.0086 4220 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:37:23.0086 4220 mpio - ok
16:37:23.0180 4220 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:37:23.0180 4220 mpsdrv - ok
16:37:23.0258 4220 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:37:23.0258 4220 Mraid35x - ok
16:37:23.0367 4220 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:37:23.0367 4220 MRxDAV - ok
16:37:23.0429 4220 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:23.0429 4220 mrxsmb - ok
16:37:23.0554 4220 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:23.0554 4220 mrxsmb10 - ok
16:37:23.0585 4220 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:23.0601 4220 mrxsmb20 - ok
16:37:23.0648 4220 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
16:37:23.0648 4220 msahci - ok
16:37:23.0741 4220 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:37:23.0741 4220 msdsm - ok
16:37:23.0788 4220 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:37:23.0788 4220 Msfs - ok
16:37:23.0850 4220 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:37:23.0850 4220 msisadrv - ok
16:37:23.0975 4220 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:37:23.0975 4220 MSKSSRV - ok
16:37:24.0038 4220 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:24.0038 4220 MSPCLOCK - ok
16:37:24.0053 4220 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:37:24.0053 4220 MSPQM - ok
16:37:24.0178 4220 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:37:24.0178 4220 MsRPC - ok
16:37:24.0287 4220 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:37:24.0287 4220 mssmbios - ok
16:37:24.0334 4220 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:37:24.0334 4220 MSTEE - ok
16:37:24.0381 4220 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:37:24.0381 4220 Mup - ok
16:37:24.0521 4220 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:37:24.0521 4220 NativeWifiP - ok
16:37:24.0615 4220 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:37:24.0615 4220 NDIS - ok
16:37:24.0724 4220 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:24.0724 4220 NdisTapi - ok
16:37:24.0755 4220 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:24.0771 4220 Ndisuio - ok
16:37:24.0818 4220 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:24.0818 4220 NdisWan - ok
16:37:24.0942 4220 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:37:24.0942 4220 NDProxy - ok
16:37:24.0958 4220 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:37:24.0958 4220 NetBIOS - ok
16:37:25.0020 4220 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:37:25.0036 4220 netbt - ok
16:37:25.0317 4220 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
16:37:25.0442 4220 NETw5v64 - ok
16:37:25.0551 4220 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:37:25.0551 4220 nfrd960 - ok
16:37:25.0613 4220 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:37:25.0613 4220 Npfs - ok
16:37:25.0644 4220 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:37:25.0660 4220 nsiproxy - ok
16:37:25.0847 4220 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:37:25.0863 4220 Ntfs - ok
16:37:25.0988 4220 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:37:25.0988 4220 Null - ok
16:37:26.0019 4220 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:37:26.0034 4220 nvraid - ok
16:37:26.0050 4220 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:37:26.0050 4220 nvstor - ok
16:37:26.0081 4220 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:37:26.0097 4220 nv_agp - ok
16:37:26.0175 4220 NwlnkFlt - ok
16:37:26.0190 4220 NwlnkFwd - ok
16:37:26.0237 4220 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
16:37:26.0237 4220 ohci1394 - ok
16:37:26.0284 4220 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:37:26.0284 4220 Parport - ok
16:37:26.0393 4220 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:37:26.0393 4220 partmgr - ok
16:37:26.0456 4220 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:37:26.0456 4220 pci - ok
16:37:26.0487 4220 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:37:26.0487 4220 pciide - ok
16:37:26.0596 4220 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:37:26.0596 4220 pcmcia - ok
16:37:26.0643 4220 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:37:26.0658 4220 PEAUTH - ok
16:37:26.0846 4220 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:37:26.0846 4220 PptpMiniport - ok
16:37:26.0877 4220 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:37:26.0877 4220 Processor - ok
16:37:27.0033 4220 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:37:27.0033 4220 PSched - ok
16:37:27.0111 4220 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:37:27.0142 4220 ql2300 - ok
16:37:27.0251 4220 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:37:27.0251 4220 ql40xx - ok
16:37:27.0298 4220 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:37:27.0298 4220 QWAVEdrv - ok
16:37:27.0314 4220 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:37:27.0314 4220 RasAcd - ok
16:37:27.0470 4220 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:37:27.0470 4220 Rasl2tp - ok
16:37:27.0501 4220 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:37:27.0501 4220 RasPppoe - ok
16:37:27.0516 4220 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:37:27.0516 4220 RasSstp - ok
16:37:27.0657 4220 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:37:27.0672 4220 rdbss - ok
16:37:27.0766 4220 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:37:27.0766 4220 RDPCDD - ok
16:37:27.0828 4220 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:37:27.0828 4220 rdpdr - ok
16:37:27.0953 4220 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:37:27.0953 4220 RDPENCDD - ok
16:37:28.0016 4220 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:37:28.0016 4220 RDPWD - ok
16:37:28.0187 4220 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:37:28.0187 4220 RimVSerPort - ok
16:37:28.0218 4220 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
16:37:28.0218 4220 ROOTMODEM - ok
16:37:28.0343 4220 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:37:28.0343 4220 rspndr - ok
16:37:28.0421 4220 RTSTOR (e7f397f7f4bf9a5c221a9c647acba8bf) C:\Windows\system32\drivers\RTSTOR64.SYS
16:37:28.0421 4220 RTSTOR - ok
16:37:28.0530 4220 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:37:28.0530 4220 sbp2port - ok
16:37:28.0593 4220 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
16:37:28.0593 4220 sdbus - ok
16:37:28.0624 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:37:28.0624 4220 secdrv - ok
16:37:28.0749 4220 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:37:28.0749 4220 Serenum - ok
16:37:28.0796 4220 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:37:28.0811 4220 Serial - ok
16:37:28.0827 4220 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:37:28.0827 4220 sermouse - ok
16:37:28.0952 4220 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:37:28.0952 4220 sffdisk - ok
16:37:28.0967 4220 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:37:28.0967 4220 sffp_mmc - ok
16:37:28.0998 4220 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:37:28.0998 4220 sffp_sd - ok
16:37:29.0014 4220 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:37:29.0014 4220 sfloppy - ok
16:37:29.0030 4220 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:37:29.0045 4220 SiSRaid2 - ok
16:37:29.0061 4220 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:37:29.0061 4220 SiSRaid4 - ok
16:37:29.0217 4220 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:37:29.0232 4220 Smb - ok
16:37:29.0279 4220 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:37:29.0295 4220 spldr - ok
16:37:29.0435 4220 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:37:29.0451 4220 srv - ok
16:37:29.0560 4220 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:37:29.0560 4220 srv2 - ok
16:37:29.0576 4220 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:37:29.0591 4220 srvnet - ok
16:37:29.0732 4220 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:37:29.0732 4220 swenum - ok
16:37:29.0794 4220 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys
16:37:29.0794 4220 swmsflt - ok
16:37:29.0841 4220 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:37:29.0841 4220 Symc8xx - ok
16:37:29.0934 4220 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:37:29.0934 4220 Sym_hi - ok
16:37:29.0997 4220 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:37:30.0012 4220 Sym_u3 - ok
16:37:30.0122 4220 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
16:37:30.0122 4220 SynTP - ok
16:37:30.0246 4220 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:37:30.0262 4220 Tcpip - ok
16:37:30.0434 4220 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:37:30.0449 4220 Tcpip6 - ok
16:37:30.0574 4220 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:37:30.0574 4220 tcpipreg - ok
16:37:30.0621 4220 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:37:30.0621 4220 TDPIPE - ok
16:37:30.0730 4220 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:37:30.0730 4220 TDTCP - ok
16:37:30.0792 4220 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:37:30.0792 4220 tdx - ok
16:37:30.0839 4220 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:37:30.0839 4220 TermDD - ok
16:37:30.0964 4220 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:37:30.0964 4220 tssecsrv - ok
16:37:30.0995 4220 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:37:31.0011 4220 tunmp - ok
16:37:31.0011 4220 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
16:37:31.0026 4220 tunnel - ok
16:37:31.0058 4220 tvtumon (2a0e28b8ccaa8282170ab3e6767b77ac) C:\Windows\system32\DRIVERS\tvtumon.sys
16:37:31.0058 4220 tvtumon - ok
16:37:31.0182 4220 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:37:31.0182 4220 uagp35 - ok
16:37:31.0229 4220 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:37:31.0245 4220 udfs - ok
16:37:31.0385 4220 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:37:31.0385 4220 uliagpkx - ok
16:37:31.0416 4220 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:37:31.0432 4220 uliahci - ok
16:37:31.0541 4220 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:37:31.0541 4220 UlSata - ok
16:37:31.0572 4220 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:37:31.0588 4220 ulsata2 - ok
16:37:31.0604 4220 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:37:31.0604 4220 umbus - ok
16:37:31.0760 4220 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:37:34.0224 4220 MBR (0x1B8) (cfec0bc28e237ab24b54aebeb03049fb) \Device\Harddisk0\DR0
16:37:34.0505 4220 \Device\Harddisk0\DR0 - ok
16:37:34.0505 4220 Boot (0x1200) (153e23039f635ef60bd0b3a1e1f0455f) \Device\Harddisk0\DR0\Partition0
16:37:34.0505 4220 \Device\Harddisk0\DR0\Partition0 - ok
16:37:34.0536 4220 Boot (0x1200) (64f5118db992107a4bb9c9c2b7886e3d) \Device\Harddisk0\DR0\Partition1
16:37:34.0536 4220 \Device\Harddisk0\DR0\Partition1 - ok
16:37:34.0536 4220 ============================================================
16:37:34.0536 4220 Scan finished
16:37:34.0536 4220 ============================================================
16:37:34.0568 4388 Detected object count: 0
16:37:34.0568 4388 Actual detected object count: 0
16:38:15.0081 3720 Deinitialize success
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 16:39:59
-----------------------------
16:39:59.334 OS Version: Windows x64 6.0.6002 Service Pack 2
16:39:59.335 Number of processors: 2 586 0x170A
16:39:59.336 ComputerName: FARNSLEYHOME UserName: Karla
16:40:01.029 Initialize success
16:40:01.190 AVAST engine defs: 11112501
16:40:38.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:40:38.183 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
16:40:38.206 Disk 0 MBR read successfully
16:40:38.210 Disk 0 MBR scan
16:40:38.214 Disk 0 unknown MBR code
16:40:38.218 Service scanning
16:40:39.809 Modules scanning
16:40:39.813 Scan finished successfully
16:40:54.371 Disk 0 MBR has been saved successfully to "C:\Users\Karla\Desktop\MBR.dat"
16:40:54.373 The log file has been saved successfully to "C:\Users\Karla\Desktop\aswMBR.txt"
OTL logfile created on: 11/25/2011 4:42:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karla\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.12% Memory free
8.11 Gb Paging File | 6.24 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 172.06 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.44 Gb Free Space | 93.60% Space Free | Partition Type: NTFS
Computer Name: FARNSLEYHOME | User Name: Karla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Karla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
PRC - C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe (AT&T)
PRC - C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
PRC - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\SysWOW64\SBarHook.DLL ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.dll ()
MOD - C:\Program Files (x86)\Lenovo\ReadyComm\NetApp.en.dll ()
MOD - C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll ()
MOD - C:\Program Files (x86)\Lexmark 7300 Series\lxcidrec.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DKService.exe (Diskeeper Corporation)
SRV:64bit: - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxci_device) -- C:\Windows\SysNative\lxcicoms.exe ( )
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (DDNIService) -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe (Digital Delivery Networks, Inc.)
SRV - (DDNIMSGService) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe (Digital Delivery Networks, Inc.)
SRV - (NetLogSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe (AT&T)
SRV - (netcfgsvr) -- C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe (AT&T)
SRV - (NetClientSvc) -- C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe (AT&T)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IncSvc) -- C:\Windows\SysWow64\IgrsSvcs.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (lxci_device) -- C:\Windows\SysWow64\lxcicoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (agnfilt) -- C:\Windows\SysNative\DRIVERS\agnfilt.sys (AT&T)
DRV:64bit: - (avpnnic) -- C:\Windows\SysNative\DRIVERS\avpnnic.sys (AT&T)
DRV:64bit: - (funfrm) -- C:\Windows\SysNative\drivers\funfrm.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\DRIVERS\SMIksdrv.sys (SMI)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tvtumon) -- C:\Windows\SysNative\DRIVERS\tvtumon.sys (Lenovo)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (WSVD) -- C:\Windows\SysNative\drivers\WSVD.sys (CyberLink)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...69-8E280E5B5E81
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuideEI\Installr\2.bin\NP2vEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Karla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/03 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 22:35:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Karla\AppData\Roaming\Move Networks [2009/05/28 22:06:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
[2009/05/28 13:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Extensions
[2010/02/03 14:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\eclipse1\extensions
[2011/11/25 15:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions
[2011/03/08 20:01:39 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/03 17:07:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 11:31:56 | 000,009,946 | ---- | M] () -- C:\Users\Karla\AppData\Roaming\Mozilla\Firefox\Profiles\rvc5zbhi.default\searchplugins\DailyBibleGuide.xml
[2011/11/25 14:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/18 19:48:38 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 17:35:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/05/28 22:06:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\KARLA\APPDATA\ROAMING\MOVE NETWORKS
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://stp.startnow....ion=6.0-x64-SP2
CHR - default_search_provider: suggest_url = http://api.bing.com/...n.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Karla\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: avast! WebRep = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Facetheme = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: Skype Extension = C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
O1 HOSTS File: ([2011/11/25 16:13:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [ReadyComm] C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O4 - Startup: C:\Users\Karla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC570A2-BE7B-4750-BD61-97CAEFD53BF2}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9BED840-E2A9-423C-B4A3-06F5B5ECE05C}: DhcpNameServer = 68.87.72.134 68.87.77.134
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karla\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/25 16:39:13 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Karla\Desktop\aswMBR.exe
[2011/11/25 16:35:51 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Karla\Desktop\tdsskiller.exe
[2011/11/25 16:32:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/25 16:32:59 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Local\temp
[2011/11/25 16:13:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/25 15:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/25 15:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/25 15:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/25 15:41:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/25 15:41:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/25 15:39:02 | 004,307,453 | R--- | C] (Swearware) -- C:\Users\Karla\Desktop\ComboFix.exe
[2011/11/25 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Roaming\Malwarebytes
[2011/11/25 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 15:20:28 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 15:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 15:17:52 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Karla\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/25 14:42:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 09:56:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/25 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Karla\AppData\Local\Apps
[2011/11/24 23:12:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:09:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/24 23:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/24 23:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/21 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/19 10:31:28 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/19 10:31:28 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/19 10:31:27 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/19 10:31:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/19 10:31:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/19 10:31:27 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/19 10:31:27 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/19 10:31:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/19 10:31:27 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/19 10:31:27 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/19 10:31:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/19 10:31:26 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/11/19 10:31:26 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/11/19 10:31:24 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/11/19 10:30:52 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/11/19 10:30:52 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/11/19 10:30:52 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/19 10:30:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/11/19 10:30:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/11/19 10:30:51 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/19 10:30:07 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/11/19 10:30:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/11/19 10:28:58 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011/11/19 10:21:14 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/19 10:21:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/19 10:21:14 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/19 10:21:14 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/19 10:21:14 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/11/19 10:21:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/11/19 10:21:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/11/19 10:21:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/26 18:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2009/06/14 18:24:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
[2009/06/14 18:24:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
[2009/06/14 18:24:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
[2009/06/14 18:24:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
[2009/06/14 18:24:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
[2009/06/14 18:24:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
[2009/06/14 18:24:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
[2009/06/14 18:24:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
[2009/06/14 18:24:19 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
[2009/06/14 18:24:19 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
[2009/06/14 18:24:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
[2009/06/14 18:24:19 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
[2009/06/14 18:24:19 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
[2009/06/14 18:24:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
[2009/06/14 18:24:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
[2009/01/12 08:00:35 | 001,526,576 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax9f.exe
========== Files - Modified Within 30 Days ==========
[2011/11/25 16:40:54 | 000,000,512 | ---- | M] () -- C:\Users\Karla\Desktop\MBR.dat
[2011/11/25 16:39:22 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Karla\Desktop\aswMBR.exe
[2011/11/25 16:36:03 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Karla\Desktop\tdsskiller.exe
[2011/11/25 16:35:31 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{878A6B74-34F7-45AC-8FEC-A0D5E5567103}.job
[2011/11/25 16:32:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 16:31:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003UA.job
[2011/11/25 16:22:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/11/25 16:18:44 | 000,756,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 16:18:44 | 000,642,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 16:18:44 | 000,118,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 16:13:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/25 16:12:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 16:11:08 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 16:11:04 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/11/25 16:10:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:10:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 16:10:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 15:39:19 | 004,307,453 | R--- | M] (Swearware) -- C:\Users\Karla\Desktop\ComboFix.exe
[2011/11/25 15:20:32 | 000,000,972 | ---- | M] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:20:32 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:18:04 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Karla\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/25 09:56:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karla\Desktop\OTL.exe
[2011/11/24 23:12:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/11/24 23:11:57 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/22 10:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-496822439-3291657786-1735164273-1003Core.job
[2011/11/21 21:35:53 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/20 21:44:46 | 000,033,355 | ---- | M] () -- C:\Users\Karla\Documents\Employment Search information.odt
[2011/11/20 15:36:36 | 000,022,996 | ---- | M] () -- C:\Users\Karla\Documents\Balance of Dad's cash.ods
[2011/11/20 08:58:34 | 000,020,291 | ---- | M] () -- C:\Users\Karla\Documents\Unemployment Account Balances.ods
[2011/11/19 11:40:01 | 000,408,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/19 11:17:07 | 000,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/19 11:12:08 | 000,000,422 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011/11/18 11:33:01 | 000,002,004 | ---- | M] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 11:33:00 | 000,002,042 | ---- | M] () -- C:\Users\Karla\Desktop\Google Chrome.lnk
[2011/11/10 22:31:08 | 000,011,197 | ---- | M] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 12:47:27 | 000,010,660 | ---- | M] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
========== Files Created - No Company Name ==========
[2011/11/25 16:40:54 | 000,000,512 | ---- | C] () -- C:\Users\Karla\Desktop\MBR.dat
[2011/11/25 15:41:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 15:41:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 15:41:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 15:41:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 15:41:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 15:20:32 | 000,000,972 | ---- | C] () -- C:\Users\Karla\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/25 15:20:32 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 09:32:33 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/25 01:02:16 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/24 23:09:32 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/21 21:35:53 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/06 22:21:30 | 000,011,197 | ---- | C] () -- C:\Users\Karla\Documents\To do list while Kirbee is in Indy.odt
[2011/10/31 11:08:11 | 000,010,660 | ---- | C] () -- C:\Users\Karla\Documents\Places in Greenwood for Kirbee.odt
[2011/10/26 18:10:23 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/05 20:44:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/07/05 20:43:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/07/05 20:42:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/07 21:22:53 | 000,012,288 | ---- | C] () -- C:\Users\Karla\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 07:51:18 | 000,217,942 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/06/14 18:54:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/06/14 18:53:30 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2009/06/14 18:53:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/06/14 18:24:19 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
[2009/06/14 18:24:19 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
[2009/05/15 15:22:30 | 002,101,248 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2009/05/15 15:22:01 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/05/15 15:21:51 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2009/05/15 15:11:28 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\SBarHook.DLL
[2009/05/15 14:55:05 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/05/15 14:55:02 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/15 14:55:00 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/01/12 07:28:33 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/01/12 07:04:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/08/27 20:29:00 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\OnekeyDM.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
< End of report >
OTL Extras logfile created on: 11/25/2011 4:42:33 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karla\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.12% Memory free
8.11 Gb Paging File | 6.24 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 172.06 Gb Free Space | 68.02% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.44 Gb Free Space | 93.60% Space Free | Partition Type: NTFS
Computer Name: FARNSLEYHOME | User Name: Karla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 26 D4 E3 EB 83 3B CC 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000B34C2-242E-411F-AB20-AAD83EEE7ADF}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{043D8326-D2EC-4C04-85D2-2D8C1EC8945A}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{142E3591-31D9-4E91-BA34-36F5AD149C75}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{17C45F7C-FDF7-4DDC-8871-AA8BA59143C1}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{4446E6A6-167D-4A38-9CB6-F9DBE3DA3C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\at&t global network client\netclient.exe |
"{52A15E3F-2C71-421F-9FBD-CC6C4820C073}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{6599E7BA-8CF1-4535-9E63-40FD15B3246A}" = protocol=17 | dir=in | app=c:\program files (x86)\at&t global network client\netclient.exe |
"{82313C93-1BDF-477E-8C2F-29F4FB3236CE}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{8362FBF1-D0E7-44FD-9206-8C098BAAEE99}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{8F94E13B-5E55-451D-AB96-65CB6F88F1C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{930EF80C-BC20-4C00-A795-7D8EE56FE960}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{A16C591B-04C2-42AA-BC50-170273213374}" = protocol=6 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{AE843560-ED1D-4C61-B444-61147E49BA82}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{CBA450E5-F089-42D7-B9F1-EA1832D90255}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{DD1852F0-AF65-461D-AF65-48DE5ADF4105}" = protocol=17 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{E363D595-4CC4-4AFB-877E-5EFB3D5E8BC3}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{F0E158D3-6532-4CEC-9D7F-0B33171CF565}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{F51B4B50-046A-4946-828B-476DB095B9DB}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{FA5AFA03-3A2F-4F25-9C07-0A8166930ED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{386065BF-51B7-4E9D-8C7A-575DCB8818F2}C:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe |
"UDP Query User{DD365AE1-9669-4BC2-AAD4-0BE5A9E2B3C9}C:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\sametime connect\jre\bin\sametime75.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BE46F7-166A-4716-8603-75518EA54B3F}" = Driver Installer
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{27FF7C6D-8E44-4BB4-BD17-955EA0CFA373}" = Diskeeper 2008 Professional
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7D4044978059DC8916896568EDDF0E875D1FA4EC" = Windows Driver Package - Lenovo (ACPIVPC) System (10/15/2008 3.1.0.1)
"87B8039CA0CD7A68D9536013C2495013C4B4B168" = Windows Driver Package - ENE (enecir) HIDClass (11/19/2008 2.7.0.2)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 22
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{720264BB-47DB-4728-9B00-AEA049576F48}" = Lenovo Idea Notes
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EFDD7E37-19B9-42BC-8200-4680F52ED786}" = AT&T Global Network Client LaptopConnect Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cooking Dash - DinerTown Studios" = Cooking Dash - DinerTown Studios (remove only)
"Diner Dash 2" = Diner Dash 2
"EasyCapture3.5" = EasyCapture
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"InstallShield_{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"Lenovo Idea Central" = Lenovo Idea Central
"Lexmark 7300 Series" = Lexmark 7300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Picasa 3" = Picasa 3
"StartNow Toolbar" = StartNow Toolbar
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Live Toolbar" = Windows Live Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Home Sweet Home" = Home Sweet Home
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/9/2011 8:45:45 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/9/2011 9:35:57 PM | Computer Name = FarnsleyHome | Source = Windows Search Service | ID = 3013
Description =
Error - 11/10/2011 10:39:23 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
Error - 11/11/2011 6:24:12 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
Error - 11/11/2011 6:27:01 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/11/2011 6:27:08 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/13/2011 10:07:04 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
Error - 11/14/2011 11:38:37 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
Error - 11/14/2011 9:56:43 PM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
Error - 11/15/2011 9:51:20 AM | Computer Name = FarnsleyHome | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 11/1/2010 8:30:37 PM | Computer Name = FarnsleyHome | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/7/2011 1:48:06 PM | Computer Name = FarnsleyHome | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 11/19/2011 12:13:24 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 11/19/2011 12:20:42 PM | Computer Name = FarnsleyHome | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 11/22/2011 6:26:25 PM | Computer Name = FarnsleyHome | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 0022FAB92EBE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/25/2011 10:32:31 AM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7009
Description =
Error - 11/25/2011 10:32:31 AM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7000
Description =
Error - 11/25/2011 4:40:42 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7034
Description =
Error - 11/25/2011 4:52:20 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7030
Description =
Error - 11/25/2011 4:59:41 PM | Computer Name = FarnsleyHome | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 11/25/2011 5:09:20 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7030
Description =
Error - 11/25/2011 5:11:07 PM | Computer Name = FarnsleyHome | Source = Service Control Manager | ID = 7026
Description =
< End of report >