TechSpot

Search links redirected

By alexia2525
Feb 8, 2012
  1. Hello,
    When I use Google to search and click on the results links, I am redirected to random websites. I use AVG and Spybots, which have not solved the problem. Any help would be greatly appreciated. I followed your 5 steps and here are my logs:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.09.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Alex :: ALEX-PC [administrator]

    Protection: Disabled

    2/8/2012 7:46:27 PM
    mbam-log-2012-02-08 (19-46-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 178756
    Time elapsed: 4 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8Z0LT73\navcancl[2] 0 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Alex at 20:46:01 on 2012-02-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2160 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files (x86)\Compal\TmlCMode\TmlCMode.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Energy Management] "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
    mRun: [EnergyUtility] "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
    mRun: [TmlCMode] C:\Program Files (x86)\Compal\TmlCMode\TmlCMode.exe
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    TCP: Interfaces\{30AE9DAF-C64A-4E3E-B211-9687BF252C76} : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{F795AEEA-6978-45C4-8C3B-AD428CDFCFBA} : DhcpNameServer = 167.206.251.129 167.206.251.130
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    mRun-x64: [Energy Management] "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
    mRun-x64: [EnergyUtility] "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
    mRun-x64: [TmlCMode] C:\Program Files (x86)\Compal\TmlCMode\TmlCMode.exe
    mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wm51n1e4.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B466b4273-6f86-42e3-8e95-3258532723be%7D&mid=4c7223c9798147d68137d16a1cf4f288-fb466962c3a5a5ecbc4f36b40361249fa830a644&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-05%2019%3A18%3A10&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2007-10-25 17192]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 funfrm;funfrm;C:\Windows\system32\drivers\funfrm.sys --> C:\Windows\system32\drivers\funfrm.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-12-18 430080]
    R2 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys --> C:\Windows\system32\DRIVERS\tvtumon.sys [?]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-2-5 909152]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys --> C:\Windows\system32\DRIVERS\AcpiVpc.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
    R3 enecirhid;ENE CIR HID Receiver;C:\Windows\system32\DRIVERS\enecirhid.sys --> C:\Windows\system32\DRIVERS\enecirhid.sys [?]
    R3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\system32\DRIVERS\enecirhidma.sys --> C:\Windows\system32\DRIVERS\enecirhidma.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
    R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
    R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
    R3 vm331avs;Lenovo EasyCamera;C:\Windows\system32\Drivers\vm331avs.sys --> C:\Windows\system32\Drivers\vm331avs.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
    S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys --> C:\Windows\system32\drivers\WSVD.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-09 00:44:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-09 00:44:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-09 00:16:17 -------- d-----w- C:\Program Files (x86)\ESET
    2012-02-07 20:00:24 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG
    2012-02-06 00:26:39 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG2012
    2012-02-06 00:18:08 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-02-06 00:18:02 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-02-06 00:18:02 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-02-06 00:17:32 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-02-05 23:26:11 -------- d-----w- C:\Program Files\CCleaner
    2012-02-05 03:02:49 -------- d-----w- C:\Documents2
    2012-02-03 18:06:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy1
    2012-02-03 17:50:55 15795464 ----a-w- C:\Users\Alex\Firefox Setup 10.0_1.exe
    2012-02-03 06:47:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-01 05:10:32 -------- d-----w- C:\Windows\PCHEALTH
    2012-02-01 05:08:19 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-02-01 05:07:23 -------- d-----w- C:\Users\Alex\AppData\Local\Microsoft Help
    2012-02-01 02:40:15 -------- d-----w- C:\Users\Alex\AppData\Roaming\TestApp
    2012-02-01 02:40:15 -------- d-----w- C:\ProgramData\PC Tools
    2012-01-31 13:31:12 94720 ----a-w- C:\Windows\System32\secur32.dll
    2012-01-31 13:31:12 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-01-31 13:31:12 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-01-31 13:31:12 442368 ----a-w- C:\Windows\System32\winhttp.dll
    2012-01-31 13:31:12 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2012-01-31 13:31:12 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-01-31 13:31:12 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-01-31 13:31:12 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-01-31 13:31:12 11264 ----a-w- C:\Windows\System32\lsass.exe
    2012-01-28 19:05:16 -------- d-----w- C:\Program Files\iPod
    2012-01-28 19:05:14 -------- d-----w- C:\Program Files\iTunes
    2012-01-28 19:05:14 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
    2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-23 11:38:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
    2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
    .
    ============= FINISH: 20:53:53.07 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/5/2011 6:41:25 PM
    System Uptime: 2/8/2012 7:01:49 PM (1 hours ago)
    .
    Motherboard: LENOVO | | JITR1
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 240 GiB total, 176.126 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 37.227 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2)
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    EasyCapture
    EMSC
    Energy Management
    ESET Online Scanner v3
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 24
    Lenovo EasyCamera
    Lenovo First Boot
    Lenovo OneKey Recovery
    Lenovo System Repair - Windows Update Monitor
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 10.0 (x86 en-US)
    OpenOffice.org 3.0
    Power2Go
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.3
    Spelling Dictionaries Support For Adobe Reader 8
    SWelCntr
    TmlCMode
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. alexia2525

    alexia2525 TS Rookie Topic Starter

    Hi,

    When I click on your link for aswMBR, a window pops up asking me if I want to save the file. When I click save, the file downloads. After I open the file, another window opens asking me if I want to allow the program to run, and I click allow. After this nothing happens. Should I go directly to the avast site to download?
     
  4. Broni

    No. Proceed with Bootkit Remover.
     
  5. alexia2525

    Ok, here it is:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
     
  6. Broni

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  7. alexia2525

    ListParts by Farbar
    Ran by Alex on 09-02-2012 at 19:50:54
    Windows Vista (X64)
    Running From: C:\Users\Alex\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 46%
    Total physical RAM: 4055.68 MB
    Available physical RAM: 2154.24 MB
    Total Pagefile: 8308.64 MB
    Available Pagefile: 6329.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.92 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:240.21 GB) (Free:175.6 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (LENOVO) (Fixed) (Total:38.99 GB) (Free:37.21 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 240 GB 1024 KB
    Partition 0 Extended 39 GB 240 GB
    Partition 3 Logical 39 GB 240 GB
    Partition 2 OEM 19 GB 279 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  9. alexia2525

    alexia2525 TS Rookie Topic Starter

    It says:
    ***Infected MBR detected
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very well.

    Post new Bootkit Remover log.
     
  11. alexia2525

    alexia2525 TS Rookie Topic Starter

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 16bb08ba9cabb5844b084485e91769e3

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good job :)

    See if aswMBR will run now.
     
  13. alexia2525

    alexia2525 TS Rookie Topic Starter

    I've developed a new problem. My computer has started randomly shutting down. A blue screen with white writing appears which says that Windows needs to shut down in order to prevent damage and that it has to do with modification of a system code or a change in data structure. It says to restart if this is the first time I've seen the message, and if I have seen it before, then it has to do with recently downloaded software (obviously, this is not verbatim). There is more writing, but my comp. shuts down before I can read it all.

    aswMBR is working now, but I was not able to complete a scan due to the computer shutting down.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Try to run it from safe mode.
     
  15. alexia2525

    alexia2525 TS Rookie Topic Starter

    That worked :)

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-10 15:36:09
    -----------------------------
    15:36:09.508 OS Version: Windows x64 6.0.6002 Service Pack 2
    15:36:09.508 Number of processors: 2 586 0x170A
    15:36:09.508 ComputerName: ALEX-PC UserName: Alex
    15:36:12.192 Initialize success
    15:36:45.576 AVAST engine defs: 12021000
    15:36:51.488 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:36:51.488 Disk 0 Vendor: WDC_WD3200BEVT-00A0RT0 01.01A01 Size: 305245MB BusType: 3
    15:36:51.488 Disk 0 MBR read successfully
    15:36:51.488 Disk 0 MBR scan
    15:36:51.504 Disk 0 MBR:Alureon-K [Rtk]
    15:36:51.504 Disk 0 TDL4@MBR code has been found
    15:36:51.519 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 245974 MB offset 2048
    15:36:51.519 Disk 0 Partition - 00 0F Extended LBA 39929 MB offset 503756800
    15:36:51.550 Disk 0 Partition 2 00 12 Compaq diag NTFS 19340 MB offset 585531392
    15:36:51.582 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 39928 MB offset 503758848
    15:36:51.597 Disk 0 MBR [TDL4] **ROOTKIT**
    15:36:51.597 Service scanning
    15:36:54.249 Modules scanning
    15:36:54.249 Disk 0 trace - called modules:
    15:36:54.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    15:36:54.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df9060]
    15:36:54.265 3 CLASSPNP.SYS[fffffa6000dcec33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be3940]
    15:36:54.982 AVAST engine scan C:\Windows
    15:36:57.244 AVAST engine scan C:\Windows\system32
    15:39:31.528 AVAST engine scan C:\Windows\system32\drivers
    15:39:42.074 AVAST engine scan C:\Users\Alex
    15:42:36.622 AVAST engine scan C:\ProgramData
    15:43:52.532 Scan finished successfully
    15:48:08.029 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    15:48:08.029 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. alexia2525

    alexia2525 TS Rookie Topic Starter

    15:56:12.0058 1640 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    15:56:12.0446 1640 ============================================================
    15:56:12.0446 1640 Current date / time: 2012/02/10 15:56:12.0446
    15:56:12.0446 1640 SystemInfo:
    15:56:12.0446 1640
    15:56:12.0447 1640 OS Version: 6.0.6002 ServicePack: 2.0
    15:56:12.0447 1640 Product type: Workstation
    15:56:12.0447 1640 ComputerName: ALEX-PC
    15:56:12.0447 1640 UserName: Alex
    15:56:12.0447 1640 Windows directory: C:\Windows
    15:56:12.0447 1640 System windows directory: C:\Windows
    15:56:12.0447 1640 Running under WOW64
    15:56:12.0447 1640 Processor architecture: Intel x64
    15:56:12.0447 1640 Number of processors: 2
    15:56:12.0447 1640 Page size: 0x1000
    15:56:12.0447 1640 Boot type: Safe boot with network
    15:56:12.0447 1640 ============================================================
    15:56:13.0616 1640 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:56:13.0620 1640 \Device\Harddisk0\DR0:
    15:56:13.0620 1640 MBR used
    15:56:13.0620 1640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E06B000
    15:56:13.0640 1640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E06C000, BlocksNum 0x4DFC000
    15:56:13.0745 1640 Initialize success
    15:56:13.0745 1640 ============================================================
    15:56:29.0180 1284 ============================================================
    15:56:29.0180 1284 Scan started
    15:56:29.0181 1284 Mode: Manual;
    15:56:29.0181 1284 ============================================================
    15:56:43.0789 1284 SiSRaid2 - ok
    15:56:43.0959 1284 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    15:56:43.0960 1284 SiSRaid4 - ok
    15:56:44.0134 1284 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
    15:56:44.0135 1284 Smb - ok
    15:56:44.0226 1284 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
    15:56:44.0227 1284 spldr - ok
    15:56:44.0329 1284 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
    15:56:44.0335 1284 srv - ok
    15:56:44.0465 1284 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
    15:56:44.0467 1284 srv2 - ok
    15:56:44.0597 1284 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
    15:56:44.0598 1284 srvnet - ok
    15:56:44.0741 1284 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
    15:56:44.0741 1284 sscdbus - ok
    15:56:44.0886 1284 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    15:56:44.0887 1284 sscdmdfl - ok
    15:56:45.0034 1284 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
    15:56:45.0036 1284 sscdmdm - ok
    15:56:45.0106 1284 sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
    15:56:45.0107 1284 sscdserd - ok
    15:56:45.0223 1284 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    15:56:45.0223 1284 swenum - ok
    15:56:45.0335 1284 swmsflt (d49a1942b3e55e9c20da553a9ea95519) C:\Windows\System32\drivers\swmsflt.sys
    15:56:45.0335 1284 swmsflt - ok
    15:56:45.0497 1284 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    15:56:45.0498 1284 Symc8xx - ok
    15:56:45.0563 1284 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    15:56:45.0564 1284 Sym_hi - ok
    15:56:45.0629 1284 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    15:56:45.0629 1284 Sym_u3 - ok
    15:56:45.0777 1284 SynTP (31bccefee26676453670ea9ed73c06e0) C:\Windows\system32\DRIVERS\SynTP.sys
    15:56:45.0779 1284 SynTP - ok
    15:56:45.0984 1284 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
    15:56:46.0015 1284 Tcpip - ok
    15:56:46.0195 1284 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
    15:56:46.0203 1284 Tcpip6 - ok
    15:56:46.0355 1284 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
    15:56:46.0356 1284 tcpipreg - ok
    15:56:46.0436 1284 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    15:56:46.0437 1284 TDPIPE - ok
    15:56:46.0508 1284 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    15:56:46.0509 1284 TDTCP - ok
    15:56:46.0538 1284 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
    15:56:46.0539 1284 tdx - ok
    15:56:46.0575 1284 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
    15:56:46.0576 1284 TermDD - ok
    15:56:46.0610 1284 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:56:46.0611 1284 tssecsrv - ok
    15:56:46.0681 1284 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    15:56:46.0682 1284 tunmp - ok
    15:56:46.0788 1284 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
    15:56:46.0789 1284 tunnel - ok
    15:56:46.0911 1284 tvtumon (03c3daa6c16dde7bbeae0e46d0315d84) C:\Windows\system32\DRIVERS\tvtumon.sys
    15:56:46.0912 1284 tvtumon - ok
    15:56:47.0058 1284 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    15:56:47.0058 1284 uagp35 - ok
    15:56:47.0106 1284 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
    15:56:47.0110 1284 udfs - ok
    15:56:47.0139 1284 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    15:56:47.0139 1284 uliagpkx - ok
    15:56:47.0221 1284 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    15:56:47.0224 1284 uliahci - ok
    15:56:47.0241 1284 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    15:56:47.0242 1284 UlSata - ok
    15:56:47.0347 1284 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    15:56:47.0349 1284 ulsata2 - ok
    15:56:47.0388 1284 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    15:56:47.0389 1284 umbus - ok
    15:56:47.0421 1284 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    15:56:47.0422 1284 USBAAPL64 - ok
    15:56:47.0537 1284 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
    15:56:47.0538 1284 usbaudio - ok
    15:56:47.0701 1284 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:56:47.0702 1284 usbccgp - ok
    15:56:47.0814 1284 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    15:56:47.0815 1284 usbcir - ok
    15:56:47.0938 1284 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
    15:56:47.0939 1284 usbehci - ok
    15:56:48.0016 1284 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
    15:56:48.0019 1284 usbhub - ok
    15:56:48.0086 1284 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    15:56:48.0087 1284 usbohci - ok
    15:56:48.0171 1284 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
    15:56:48.0171 1284 usbprint - ok
    15:56:48.0252 1284 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:56:48.0253 1284 USBSTOR - ok
    15:56:48.0399 1284 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:56:48.0399 1284 usbuhci - ok
    15:56:48.0499 1284 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:56:48.0500 1284 vga - ok
    15:56:48.0572 1284 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    15:56:48.0572 1284 VgaSave - ok
    15:56:48.0661 1284 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    15:56:48.0661 1284 viaide - ok
    15:56:48.0761 1284 vm331avs (f115688c45706b176b735763c440adb0) C:\Windows\system32\Drivers\vm331avs.sys
    15:56:48.0780 1284 vm331avs - ok
    15:56:48.0927 1284 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
    15:56:48.0928 1284 volmgr - ok
    15:56:48.0985 1284 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
    15:56:48.0990 1284 volmgrx - ok
    15:56:49.0007 1284 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
    15:56:49.0011 1284 volsnap - ok
    15:56:49.0034 1284 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    15:56:49.0036 1284 vsmraid - ok
    15:56:49.0062 1284 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    15:56:49.0063 1284 WacomPen - ok
    15:56:49.0079 1284 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    15:56:49.0080 1284 Wanarp - ok
    15:56:49.0083 1284 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
    15:56:49.0084 1284 Wanarpv6 - ok
    15:56:49.0107 1284 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    15:56:49.0107 1284 Wd - ok
    15:56:49.0142 1284 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    15:56:49.0160 1284 Wdf01000 - ok
    15:56:49.0237 1284 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    15:56:49.0238 1284 WimFltr - ok
    15:56:49.0314 1284 winachsf (9e6c63f94d2c3d884a8936e448b1028b) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    15:56:49.0324 1284 winachsf - ok
    15:56:49.0395 1284 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
    15:56:49.0395 1284 WmiAcpi - ok
    15:56:49.0444 1284 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
    15:56:49.0445 1284 WpdUsb - ok
    15:56:49.0545 1284 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    15:56:49.0546 1284 ws2ifsl - ok
    15:56:49.0581 1284 WSVD (ecdd6cd8d31adf2048ddd1666b53de5c) C:\Windows\system32\drivers\WSVD.sys
    15:56:49.0582 1284 WSVD - ok
    15:56:49.0834 1284 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:56:49.0835 1284 WUDFRd - ok
    15:56:49.0873 1284 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
    15:56:49.0874 1284 XAudio - ok
    15:56:49.0902 1284 MBR (0x1B8) (7c61817ccde09d9c3523e87d5e21c465) \Device\Harddisk0\DR0
    15:56:49.0936 1284 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    15:56:49.0936 1284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    15:56:49.0972 1284 Boot (0x1200) (77dba151e0585b5932e4085e57d905d4) \Device\Harddisk0\DR0\Partition0
    15:56:49.0973 1284 \Device\Harddisk0\DR0\Partition0 - ok
    15:56:50.0006 1284 Boot (0x1200) (ba4f1c1a7dccc32603bcb771815cb023) \Device\Harddisk0\DR0\Partition1
    15:56:50.0007 1284 \Device\Harddisk0\DR0\Partition1 - ok
    15:56:50.0007 1284 ============================================================
    15:56:50.0007 1284 Scan finished
    15:56:50.0007 1284 ============================================================
    15:56:50.0017 1240 Detected object count: 1
    15:56:50.0017 1240 Actual detected object count: 1
    15:57:34.0449 1240 \Device\Harddisk0\DR0\# - copied to quarantine
    15:57:34.0449 1240 \Device\Harddisk0\DR0 - copied to quarantine
    15:57:34.0548 1240 \Device\Harddisk0\DR0 - processing error
    15:57:45.0149 1240 \Device\Harddisk0\DR0 - will be restored on reboot
    15:57:45.0153 1240 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
    15:57:52.0226 0356 Deinitialize success
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good.

    Post new aswMBR log.
     
  19. alexia2525

    alexia2525 TS Rookie Topic Starter

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-10 15:36:09
    -----------------------------
    15:36:09.508 OS Version: Windows x64 6.0.6002 Service Pack 2
    15:36:09.508 Number of processors: 2 586 0x170A
    15:36:09.508 ComputerName: ALEX-PC UserName: Alex
    15:36:12.192 Initialize success
    15:36:45.576 AVAST engine defs: 12021000
    15:36:51.488 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:36:51.488 Disk 0 Vendor: WDC_WD3200BEVT-00A0RT0 01.01A01 Size: 305245MB BusType: 3
    15:36:51.488 Disk 0 MBR read successfully
    15:36:51.488 Disk 0 MBR scan
    15:36:51.504 Disk 0 MBR:Alureon-K [Rtk]
    15:36:51.504 Disk 0 TDL4@MBR code has been found
    15:36:51.519 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 245974 MB offset 2048
    15:36:51.519 Disk 0 Partition - 00 0F Extended LBA 39929 MB offset 503756800
    15:36:51.550 Disk 0 Partition 2 00 12 Compaq diag NTFS 19340 MB offset 585531392
    15:36:51.582 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 39928 MB offset 503758848
    15:36:51.597 Disk 0 MBR [TDL4] **ROOTKIT**
    15:36:51.597 Service scanning
    15:36:54.249 Modules scanning
    15:36:54.249 Disk 0 trace - called modules:
    15:36:54.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    15:36:54.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df9060]
    15:36:54.265 3 CLASSPNP.SYS[fffffa6000dcec33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be3940]
    15:36:54.982 AVAST engine scan C:\Windows
    15:36:57.244 AVAST engine scan C:\Windows\system32
    15:39:31.528 AVAST engine scan C:\Windows\system32\drivers
    15:39:42.074 AVAST engine scan C:\Users\Alex
    15:42:36.622 AVAST engine scan C:\ProgramData
    15:43:52.532 Scan finished successfully
    15:48:08.029 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    15:48:08.029 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-10 16:13:10
    -----------------------------
    16:13:10.182 OS Version: Windows x64 6.0.6002 Service Pack 2
    16:13:10.182 Number of processors: 2 586 0x170A
    16:13:10.183 ComputerName: ALEX-PC UserName: Alex
    16:13:11.522 Initialize success
    16:13:21.291 AVAST engine defs: 12021000
    16:14:50.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:14:50.728 Disk 0 Vendor: WDC_WD3200BEVT-00A0RT0 01.01A01 Size: 305245MB BusType: 3
    16:14:50.769 Disk 0 MBR read successfully
    16:14:50.772 Disk 0 MBR scan
    16:14:50.797 Disk 0 Windows XP default MBR code
    16:14:50.816 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 245974 MB offset 2048
    16:14:50.821 Disk 0 Partition - 00 0F Extended LBA 39929 MB offset 503756800
    16:14:50.854 Disk 0 Partition 2 00 12 Compaq diag NTFS 19340 MB offset 585531392
    16:14:50.883 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 39928 MB offset 503758848
    16:14:50.889 Service scanning
    16:14:52.265 Modules scanning
    16:14:52.269 Disk 0 trace - called modules:
    16:14:52.313 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    16:14:52.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005958790]
    16:14:52.652 3 CLASSPNP.SYS[fffffa6000dcbc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c10940]
    16:14:53.604 AVAST engine scan C:\Windows
    16:14:56.192 AVAST engine scan C:\Windows\system32
    16:17:39.914 AVAST engine scan C:\Windows\system32\drivers
    16:17:51.691 AVAST engine scan C:\Users\Alex
    16:20:46.467 AVAST engine scan C:\ProgramData
    16:21:57.129 Scan finished successfully
    16:23:03.186 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    16:23:03.209 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. alexia2525

    alexia2525 TS Rookie Topic Starter

    ComboFix 12-02-10.03 - Alex 02/10/2012 16:57:38.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2927 [GMT -5:00]
    Running from: c:\users\Alex\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~8JntlRdmQcf4nC
    c:\programdata\~8JntlRdmQcf4nCr
    c:\programdata\8JntlRdmQcf4nC
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Alex\Desktop\System Check.lnk
    c:\users\Alex\Firefox Setup 10.0_1.exe
    c:\windows\s.bat
    c:\windows\system32\GroupPolicy\Machine\Registry.pol
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-10 22:03 . 2012-02-10 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-10 20:57 . 2012-02-10 20:57 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-10 01:15 . 2012-02-10 01:15 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2012-02-10 01:15 . 2012-02-10 01:15 -------- d-----w- c:\users\Alex\AppData\Roaming\FixTDSS
    2012-02-09 02:44 . 2012-02-09 02:45 -------- d-----w- C:\6010b44034f764d1a9
    2012-02-08 19:01 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
    2012-02-08 19:01 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
    2012-02-08 19:01 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
    2012-02-08 19:01 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2012-02-08 18:53 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-02-08 18:53 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2012-02-08 18:53 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-02-08 18:53 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-02-07 20:00 . 2012-02-07 20:00 -------- d-----w- c:\users\Alex\AppData\Roaming\AVG
    2012-02-06 00:18 . 2012-02-06 00:18 -------- d-----w- c:\programdata\AVG Secure Search
    2012-02-06 00:18 . 2012-02-07 00:06 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-02-06 00:18 . 2012-02-06 00:18 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-02-06 00:17 . 2012-02-10 21:50 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-02-05 23:26 . 2012-02-05 23:28 -------- d-----w- c:\program files\CCleaner
    2012-02-05 03:02 . 2012-02-05 04:36 -------- d-----w- C:\Documents2
    2012-02-03 18:06 . 2012-02-06 02:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy1
    2012-02-03 06:47 . 2012-02-03 06:47 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-01 05:27 . 2012-02-01 05:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-02-01 05:11 . 2012-02-01 05:30 -------- d-----w- c:\program files (x86)\Microsoft Works
    2012-02-01 05:10 . 2012-02-01 05:10 -------- d-----w- c:\windows\PCHEALTH
    2012-02-01 05:08 . 2012-02-01 05:08 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-02-01 05:07 . 2012-02-01 05:07 -------- d-----w- c:\users\Alex\AppData\Local\Microsoft Help
    2012-02-01 05:07 . 2012-02-01 05:07 -------- d-----r- C:\MSOCache
    2012-02-01 02:40 . 2012-02-01 02:40 -------- d-----w- c:\users\Alex\AppData\Roaming\TestApp
    2012-02-01 02:40 . 2012-02-01 02:40 -------- d-----w- c:\programdata\PC Tools
    2012-01-31 13:31 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-31 13:31 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-31 13:31 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
    2012-01-31 13:31 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
    2012-01-31 13:31 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-31 13:31 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-01-31 13:31 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
    2012-01-31 13:31 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-01-31 13:31 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
    2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files\iPod
    2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files\iTunes
    2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files (x86)\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 16:25 . 2012-01-11 00:07 451072 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:57 . 2011-12-14 19:28 2764800 ----a-w- c:\windows\system32\win32k.sys
    2011-11-23 11:38 . 2011-06-24 10:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-18 20:55 . 2012-01-11 00:07 1585152 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 20:55 . 2012-01-11 00:07 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll
    2011-11-18 18:07 . 2012-01-11 00:07 76800 ----a-w- c:\windows\system32\packager.dll
    2011-11-18 17:47 . 2012-01-11 00:07 66560 ----a-w- c:\windows\SysWow64\packager.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-02-06 00:18 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-06 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2008-08-05 8857488]
    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2008-09-11 5541792]
    "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-06 939872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0\0sdnclean64.exe
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - AVGIDSEH
    *Deregistered* - Avgrkx64
    *Deregistered* - Avgtdia
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 02:42]
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 02:42]
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003Core.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 07:16]
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003UA.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-09 07:16]
    .
    2012-02-10 c:\windows\Tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job
    - c:\windows\system32\msfeedssync.exe [2011-09-26 20:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1236776]
    "SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\wm51n1e4.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B466b4273-6f86-42e3-8e95-3258532723be%7D&mid=4c7223c9798147d68137d16a1cf4f288-fb466962c3a5a5ecbc4f36b40361249fa830a644&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-05%2019%3A18%3A10&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-TmlCMode - c:\program files (x86)\Compal\TmlCMode\TmlCMode.exe
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-10 17:10:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-10 22:10
    .
    Pre-Run: 191,265,615,872 bytes free
    Post-Run: 191,300,395,008 bytes free
    .
    - - End Of File - - 1A5775C23BBB8881DA65E4F53B7311FD
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good :)

    How is the computer doing?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. alexia2525

    alexia2525 TS Rookie Topic Starter

    Awesome! The computer seems to be doing great. No blue screen shutdowns, and no more redirects. Thank you so much for your help!

    OTL Extras logfile created on: 2/10/2012 5:50:37 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.60% Memory free
    8.13 Gb Paging File | 6.79 Gb Available in Paging File | 83.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 240.21 Gb Total Space | 177.04 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
    Drive D: | 38.99 Gb Total Space | 37.21 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11AE0082-D110-40A6-A7FC-B8563264D2E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3128670E-E63E-4CED-BC3F-BB9D81F4D8A6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{32A12E2B-C2A6-4DF4-9E9C-3A778CB8C65B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{339605E3-D989-4AB6-B2DA-2C901A25A081}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{3A4A3916-FCEB-4A55-8AA5-73400BCC48B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3B58C372-639B-45CA-ADA4-CBFFD71E3155}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{64910820-1139-4153-B3E5-F074A5D14A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{67633EA5-D8D6-4216-8FD7-02C15D883644}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7932F4E9-6968-466C-A6EA-028210406FD5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8176D7FA-CF07-4FF8-B846-7AE7BA8F0ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{9A99620C-2D3D-4F27-84AA-1B7948B4C9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{9CE7DC97-9DD4-4DE1-89EC-094FB03C298B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{9D68363C-FB52-4B11-93B5-56B6228C7A3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A2BCCCF1-DF09-4F57-8813-D32B105DC364}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{ADABF9AC-FD46-4615-B09F-DC844EAEB64F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B668ACF5-C244-4654-9B1A-9BB785A2766E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B9BBC791-2CD7-490B-B38F-2F9CD64C58E6}" = protocol=17 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{BE414063-4B9A-42CD-8AA9-75069D4C2A0E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{C122B924-E28B-4FAA-B2EC-EA90B8F0224F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{C379DCBB-5702-4E5F-8C91-E5A549CF8610}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C7F06C86-E3CD-4EA4-AC3D-411664ADE173}" = protocol=6 | dir=in | app=c:\users\alex\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{C8FAA33C-3E59-400B-95B0-B83564EE293E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E75524DB-EDB6-4A3D-8B58-C9FF56769B2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{F17F8D47-7DB6-412A-8EE8-9C2DD5949E19}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F2E07DC3-138C-4680-BC0F-4C56E18EAE8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{F60AF511-34D9-48B7-91B4-6FB0D1658204}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B059BBA1-D29C-4EFC-83CE-1FBAFA0021F2}" = O2Micro Flash Memory Card Reader Driver (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi Software
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "98F430CBCDF7F19069C50A7D55044EEBE2311133" = Windows Driver Package - Lenovo (ACPIVPC) System (01/03/2008 3.1.0.1)
    "B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
    "{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "EasyCapture3.0" = EasyCapture
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8856488

    Error - 8/23/2010 10:15:49 PM | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8856488

    Error - 8/24/2010 1:18:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    Error - 8/24/2010 1:19:48 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3026
    Description =

    Error - 8/24/2010 1:20:34 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    Error - 8/24/2010 1:21:05 AM | Computer Name = Alex-PC | Source = Google Update | ID = 20
    Description =

    Error - 8/24/2010 10:04:40 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    Error - 8/24/2010 10:05:25 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    Error - 8/24/2010 10:06:11 AM | Computer Name = Alex-PC | Source = Windows Search Service | ID = 1006
    Description =

    [ Media Center Events ]
    Error - 6/8/2009 8:55:01 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/8/2009 9:07:21 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/15/2010 3:37:57 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good news :)

    I still need OTL.txt log.
    You posted only Extras.txt
     
  25. alexia2525

    alexia2525 TS Rookie Topic Starter

    Sorry, that's what happens when I try to multitask...

    OTL logfile created on: 2/10/2012 5:50:36 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.60% Memory free
    8.13 Gb Paging File | 6.79 Gb Available in Paging File | 83.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 240.21 Gb Total Space | 177.04 Gb Free Space | 73.70% Space Free | Partition Type: NTFS
    Drive D: | 38.99 Gb Total Space | 37.21 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/10 17:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe
    PRC - [2012/02/05 19:18:05 | 000,909,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    PRC - [2012/02/05 19:18:02 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2008/08/04 19:47:56 | 008,857,488 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    PRC - [2008/07/29 14:40:38 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    PRC - [2008/07/20 23:19:52 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
    PRC - [2007/02/12 03:43:46 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/05 19:18:02 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2005/06/24 23:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/10/19 17:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/10/19 17:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2008/07/29 14:40:38 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/18 03:37:24 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2012/02/05 19:18:05 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/04/11 11:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/12 03:43:46 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/09 20:15:06 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixTDSS.sys -- (FixTDSS)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/10/18 04:15:18 | 007,959,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64) ___ Intel(R)
    DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/19 08:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/18 08:13:34 | 000,067,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\funfrm.sys -- (funfrm)
    DRV:64bit: - [2008/10/15 13:58:32 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
    DRV:64bit: - [2008/09/10 23:32:32 | 001,015,040 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
    DRV:64bit: - [2008/07/11 02:08:52 | 000,055,360 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tvtumon.sys -- (tvtumon)
    DRV:64bit: - [2008/06/29 17:52:46 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/06/17 21:28:48 | 000,118,768 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD)
    DRV:64bit: - [2008/06/11 21:29:32 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2008/05/21 11:36:34 | 000,263,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/05/13 00:48:40 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2008/04/29 04:56:42 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
    DRV:64bit: - [2008/04/29 04:55:34 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/04/27 18:38:14 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/04/25 12:16:32 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
    DRV:64bit: - [2008/04/10 09:11:18 | 000,325,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/03/25 04:51:18 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/03/25 04:47:08 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/03/25 04:45:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/01/24 21:32:12 | 000,219,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2007/10/18 03:37:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007/07/03 20:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
    DRV:64bit: - [2007/07/03 20:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2007/07/03 20:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2007/07/03 20:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2007/01/18 17:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
    DRV:64bit: - [2006/06/18 10:27:26 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2008/12/18 08:13:47 | 000,053,248 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\FunFrm.dll -- (funfrm)
    DRV - [2008/10/15 13:58:34 | 000,028,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/10/25 19:06:04 | 000,017,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 D5 1A BB B2 E1 CC 01 [binary data]
    IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B466b4273-6f86-42e3-8e95-3258532723be%7D&mid=4c7223c9798147d68137d16a1cf4f288-fb466962c3a5a5ecbc4f36b40361249fa830a644&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-02-05%2019%3A18%3A10&sap=ku&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/05 19:18:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/03 12:51:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/01 00:11:28 | 000,000,000 | ---D | M]

    [2012/02/03 12:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2012/02/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/05 19:18:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
    [2012/01/29 10:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/02/03 00:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/05 19:18:01 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: AVG Safe Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/10 17:05:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4245361820-4210316582-3963639369-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30AE9DAF-C64A-4E3E-B211-9687BF252C76}: DhcpNameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F795AEEA-6978-45C4-8C3B-AD428CDFCFBA}: DhcpNameServer = 167.206.251.129 167.206.251.130
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/10 17:10:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/10 16:55:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/10 16:55:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/10 16:55:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/10 16:55:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/10 16:55:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/10 15:57:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/10 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\bootkit_remover
    [2012/02/09 20:15:06 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
    [2012/02/09 20:15:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FixTDSS
    [2012/02/08 21:44:56 | 000,000,000 | ---D | C] -- C:\6010b44034f764d1a9
    [2012/02/07 15:00:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVG
    [2012/02/05 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/05 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/02/05 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/02/05 19:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/02/05 19:17:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/02/05 18:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/02/04 22:02:49 | 000,000,000 | ---D | C] -- C:\Documents2
    [2012/02/03 13:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy1
    [2012/02/03 01:47:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    [2012/02/01 00:15:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Microsoft Office
    [2012/02/01 00:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/02/01 00:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2012/02/01 00:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2012/02/01 00:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/02/01 00:10:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/02/01 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/02/01 00:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2012/02/01 00:07:23 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft Help
    [2012/02/01 00:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/02/01 00:07:00 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/01/31 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TestApp
    [2012/01/31 21:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/28 14:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/28 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/28 14:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/28 14:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/03/05 17:48:40 | 000,131,072 | ---- | C] ( ) -- C:\Windows\vm331Rmv.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/02/10 17:50:00 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job
    [2012/02/10 17:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/10 17:05:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/10 17:05:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
    [2012/02/10 17:05:05 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 17:05:05 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 17:05:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/10 17:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/10 17:04:52 | 4253,655,040 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/10 16:57:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003UA.job
    [2012/02/10 16:23:03 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/02/10 16:13:09 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2012/02/10 15:20:02 | 517,316,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/10 06:58:19 | 000,044,607 | ---- | M] () -- C:\Users\Alex\Desktop\bootkit_remover.zip
    [2012/02/10 06:53:13 | 000,600,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/10 06:53:12 | 000,102,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/09 21:57:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4245361820-4210316582-3963639369-1003Core.job
    [2012/02/09 20:15:06 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
    [2012/02/09 06:27:31 | 000,408,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/08 21:46:36 | 000,718,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/07 18:41:54 | 000,022,739 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/02/05 21:38:04 | 000,002,037 | ---- | M] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
    [2012/02/05 21:38:04 | 000,001,999 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/05 18:31:00 | 000,000,664 | ---- | M] () -- C:\Users\Alex\Desktop\iTunes - Shortcut.lnk
    [2012/02/05 18:28:13 | 000,173,356 | ---- | M] () -- C:\Users\Alex\Documents\cc_20120205_182800.reg
    [2012/02/04 20:14:51 | 000,002,651 | ---- | M] () -- C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk
    [2012/02/03 12:51:22 | 000,000,912 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/03 12:51:22 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/31 15:55:38 | 000,000,629 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/29 21:21:51 | 000,227,376 | ---- | M] () -- C:\Users\Alex\Documents\TaxReturn-1.pdf
    [2012/01/22 14:34:08 | 000,023,466 | ---- | M] () -- C:\Users\Alex\Documents\untitled_0.odt
    [2012/01/15 16:52:02 | 000,006,786 | ---- | M] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.350.rtf
    [2012/01/15 16:51:36 | 000,007,137 | ---- | M] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.rtf
    [2012/01/15 15:49:11 | 000,027,214 | ---- | M] () -- C:\Users\Alex\Documents\Journal1.odt

    ========== Files Created - No Company Name ==========

    [2012/02/10 16:55:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/10 16:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/10 16:55:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/10 16:55:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/10 16:55:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/10 15:58:33 | 4253,655,040 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/10 15:48:08 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/02/10 06:58:18 | 000,044,607 | ---- | C] () -- C:\Users\Alex\Desktop\bootkit_remover.zip
    [2012/02/09 20:26:52 | 517,316,934 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/05 21:38:04 | 000,002,037 | ---- | C] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
    [2012/02/05 21:38:04 | 000,001,999 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/05 18:31:00 | 000,000,664 | ---- | C] () -- C:\Users\Alex\Desktop\iTunes - Shortcut.lnk
    [2012/02/05 18:28:03 | 000,173,356 | ---- | C] () -- C:\Users\Alex\Documents\cc_20120205_182800.reg
    [2012/02/03 12:51:22 | 000,000,912 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/03 12:51:22 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/03 12:51:22 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/01 00:15:31 | 000,002,651 | ---- | C] () -- C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk
    [2012/01/31 15:09:17 | 000,000,629 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/31 14:35:50 | 000,023,466 | ---- | C] () -- C:\Users\Alex\Documents\untitled_0.odt
    [2012/01/29 21:21:51 | 000,227,376 | ---- | C] () -- C:\Users\Alex\Documents\TaxReturn-1.pdf
    [2012/01/15 16:52:00 | 000,006,786 | ---- | C] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.350.rtf
    [2012/01/15 16:51:32 | 000,007,137 | ---- | C] () -- C:\Users\Alex\Documents\AlexandraStrangeJournal1.rtf
    [2012/01/12 21:05:56 | 000,027,214 | ---- | C] () -- C:\Users\Alex\Documents\Journal1.odt
    [2011/03/23 19:34:44 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/23 19:23:58 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2011/03/07 18:28:01 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/05 17:50:15 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2011/03/05 17:50:15 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2011/03/05 17:50:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/03/05 17:50:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/03/05 17:50:15 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2011/03/05 17:48:40 | 000,001,001 | ---- | C] () -- C:\Windows\vm331Rmv.ini
    [2009/04/11 11:23:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/04/11 11:22:30 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/04/11 11:22:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/04/11 11:22:25 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2008/12/18 08:13:49 | 009,338,880 | ---- | C] () -- C:\Windows\SysWow64\Facev.dll
    [2008/12/18 08:13:49 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\picn.dll
    [2008/12/18 08:13:49 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\image.dll
    [2008/12/18 08:13:47 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FunFrm.dll
    [2008/12/18 08:13:46 | 009,502,720 | ---- | C] () -- C:\Windows\SysWow64\FaceVerify.dll
    [2008/12/18 08:13:46 | 001,564,672 | ---- | C] () -- C:\Windows\SysWow64\MainOp.dll
    [2008/12/18 08:13:46 | 001,163,264 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
    [2008/12/18 08:13:46 | 000,442,368 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
    [2008/12/18 08:13:46 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SetDev.dll
    [2008/12/18 08:13:46 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\VideoOp.dll
    [2008/12/18 08:13:46 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Momo.dll
    [2008/12/18 08:13:46 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\DevFilt.dll
    [2008/12/18 08:13:35 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
    [2008/12/18 08:13:29 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
    [2008/12/18 07:43:04 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\EMSC.DLL
    [2008/10/15 13:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
    [2008/07/24 04:59:06 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2011/05/25 16:12:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Amazon
    [2012/02/07 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVG
    [2012/02/09 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FixTDSS
    [2011/03/05 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lenovo
    [2011/03/05 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details
    [2011/03/05 18:20:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
    [2011/03/05 18:20:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless
    [2012/01/31 21:40:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TestApp
    [2011/03/05 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
    [2012/02/10 17:04:07 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/02/10 17:50:00 | 000,000,472 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0422D2B5-98C1-4BE9-BEFD-2BF564BDE206}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 11:23:29 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/03/05 17:50:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/02/10 17:10:11 | 000,016,213 | ---- | M] () -- C:\ComboFix.txt
    [2009/01/16 01:54:42 | 000,012,251 | ---- | M] () -- C:\FaceProv.log
    [2012/02/10 17:04:52 | 4253,655,040 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/09 07:18:31 | 000,018,200 | ---- | M] () -- C:\ICAutoUpdate.log.bak
    [2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/02/10 17:04:48 | 272,289,791 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/10 17:10:01 | 016,687,843 | ---- | M] () -- C:\sysiclog.txt
    [2011/03/23 10:04:21 | 021,102,936 | ---- | M] () -- C:\sysiclog.txt.bak
    [2005/07/06 01:44:10 | 000,000,496 | ---- | M] () -- C:\sysprep
    [2012/02/10 15:57:52 | 000,076,362 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_10.02.2012_15.56.12_log.txt
    [2012/02/10 16:12:56 | 000,075,400 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_10.02.2012_16.01.57_log.txt
    [2011/01/06 15:35:31 | 000,000,341 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2012/02/10 17:05:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/04/11 11:26:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/05 18:56:59 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
     
