My IPS says I have a spam zombie on my PC. I have run full scans with Avast and Malwarebytes and have found nothing. I have over 4000 returned emails in my email inbox from my server bouncing them back to me - how do I find the zombie and remove it if Avast can’t find it?
Any help would be greatly appreciated.
Post the logs here requested by essexboy
http://forum.avast.com/index.php?topic=53253.0
OTL Extras logfile created on: 1/3/2012 7:50:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.80 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 47.98% Memory free
7.60 Gb Paging File | 5.69 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.59 Gb Total Space | 160.36 Gb Free Space | 34.52% Space Free | Partition Type: NTFS
Computer Name: KEN-THINK | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.exe [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.html [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.js [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.reg [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.txt [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.vbs [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] – C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
exefile [open] – “%1” %*
helpfile [open] – Reg Error: Key error.
inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
InternetShortcut [open] – “C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] – “C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] – Reg Error: Value error.
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] – Reg Error: Key error.
batfile [open] – Reg Error: Key error.
batfile [print] – Reg Error: Key error.
chm.file [open] – Reg Error: Key error.
cmdfile [edit] – Reg Error: Key error.
cmdfile [open] – Reg Error: Key error.
cmdfile [print] – Reg Error: Key error.
comfile [open] – Reg Error: Key error.
cplfile [cplopen] – Reg Error: Key error.
exefile [open] – Reg Error: Key error.
helpfile [open] – Reg Error: Key error.
hlpfile [open] – Reg Error: Key error.
htafile [open] – Reg Error: Key error.
htmlfile [edit] – Reg Error: Key error.
htmlfile [open] – Reg Error: Key error.
htmlfile [opennew] – Reg Error: Key error.
htmlfile [print] – Reg Error: Key error.
http [open] – Reg Error: Key error.
https [open] – Reg Error: Key error.
inffile [install] – Reg Error: Key error.
inffile [open] – Reg Error: Key error.
inffile [print] – Reg Error: Key error.
inifile [open] – Reg Error: Key error.
inifile [print] – Reg Error: Key error.
InternetShortcut [open] – Reg Error: Key error.
InternetShortcut [print] – Reg Error: Key error.
jsfile [edit] – Reg Error: Key error.
jsfile [open] – Reg Error: Key error.
jsfile [print] – Reg Error: Key error.
jsefile [edit] – Reg Error: Key error.
jsefile [open] – Reg Error: Key error.
jsefile [print] – Reg Error: Key error.
piffile [open] – Reg Error: Key error.
regfile [edit] – Reg Error: Key error.
regfile [open] – Reg Error: Key error.
regfile [merge] – Reg Error: Key error.
regfile [print] – Reg Error: Key error.
scrfile [config] – Reg Error: Key error.
scrfile [install] – Reg Error: Key error.
scrfile [open] – Reg Error: Key error.
txtfile [edit] – Reg Error: Key error.
txtfile [open] – Reg Error: Key error.
txtfile [print] – Reg Error: Key error.
txtfile [printto] – Reg Error: Key error.
vbefile [edit] – Reg Error: Key error.
vbefile [open] – Reg Error: Key error.
vbefile [print] – Reg Error: Key error.
vbsfile [edit] – Reg Error: Key error.
vbsfile [open] – Reg Error: Key error.
vbsfile [print] – Reg Error: Key error.
wsffile [edit] – Reg Error: Key error.
wsffile [open] – Reg Error: Key error.
wsffile [print] – Reg Error: Key error.
wshfile [open] – Reg Error: Key error.
Unknown [openas] – Reg Error: Key error.
Folder [open] – Reg Error: Key error.
Folder [explore] – Reg Error: Key error.
Drive [find] – Reg Error: Key error.
Applications\iexplore.exe [open] – Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“cval” = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
“VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data]
“AntiVirusOverride” = 0
“AntiSpywareOverride” = 0
“FirewallOverride” = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}” = Network64
“{071c9b48-7c32-4621-a0ac-3f809523288f}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{26A24AE4-039D-4CA4-87B4-2F86416017FF}” = Java™ 6 Update 17 (64-bit)
“{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}” = Intel(R) Turbo Boost Technology Monitor
“{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}” = MobileMe Control Panel
“{46A84694-59EC-48F0-964C-7E76E9F8A2ED}” = ThinkVantage Active Protection System
“{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
“{55D55008-E5F6-47D6-B16F-B2A40D4D145F}” = 64 Bit HP CIO Components Installer
“{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
“{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}” = Network64
“{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{75104836-CAC7-444E-A39E-3F54151942F5}” = Apple Mobile Device Support
“{88C6A6D9-324C-46E8-BA87-563D14021442}_is1” = ThinkVantage Communications Utility
“{90140000-002A-0000-1000-0000000FF1CE}” = Microsoft Office Office 64-bit Components 2010
“{90140000-002A-0409-1000-0000000FF1CE}” = Microsoft Office Shared 64-bit MUI (English) 2010
“{90140000-0116-0409-1000-0000000FF1CE}” = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
“{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{B61ED343-0B14-4241-999C-490CB1A20DA4}” = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
“{B6E3757B-5E77-3915-866A-CCFC4B8D194C}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
“{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}” = WinZip 16.0
“{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}” = iTunes
“{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile
“03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E” = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146)
“114EB224AD576F278686036AA9E1EFB7847E3935” = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
“1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31” = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
“573C3C32A1DB5625CA00E633E584E8A0E6383672” = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
“A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9” = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
“C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6” = Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002)
“CCleaner” = CCleaner
“D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1” = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
“doPDF 7 printer_is1” = doPDF 7.2 printer
“E7B58217635B8F723D4744A328A4B3237DB35FA9” = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
“EnablePS” = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
“HP Imaging Device Functions” = HP Imaging Device Functions 13.0
“HP Photosmart Essential” = HP Photosmart Essential 3.5
“HP Smart Web Printing” = HP Smart Web Printing 4.51
“HP Solution Center & Imaging Support Tools” = HP Solution Center 13.0
“HPExtendedCapabilities” = HP Customer Participation Program 13.0
“HPOCR” = OCR Software by I.R.I.S. 13.0
“LENOVO.SMIIF” = Lenovo System Interface Driver
“LenovoAutoScrollUtility” = Lenovo Auto Scroll Utility
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“OnScreenDisplay” = On Screen Display
“PC-Doctor for Windows” = Lenovo ThinkVantage Toolbox
“Power Management Driver” = ThinkPad Power Management Driver
“SynTPDeinstKey” = ThinkPad UltraNav Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“HP Smart Web Printing” = HP Smart Web Printing 4.51
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“28D488957B01EB7AB48F2AE437D444CE09E261A9” = eBay Excel Add-in
“FileZilla Client” = FileZilla Client 3.5.2
“Google Chrome” = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/15/2011 8:06:11 AM | Computer Name = Ken-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
with error: The data is invalid. .
Error - 4/15/2011 8:06:11 AM | Computer Name = Ken-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
with error: The data is invalid. .
Error - 4/15/2011 8:24:18 AM | Computer Name = Ken-THINK | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 4/15/2011 11:10:10 PM | Computer Name = Ken-THINK | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 4/16/2011 5:27:17 PM | Computer Name = Ken-THINK | Source = Bonjour Service | ID = 100
Description =
Error - 4/17/2011 8:11:45 AM | Computer Name = Ken-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
with error: The data is invalid. .
Error - 4/17/2011 4:35:52 PM | Computer Name = Ken-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
with error: The data is invalid. .
Error - 4/17/2011 6:39:48 PM | Computer Name = Ken-THINK | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 4/17/2011 10:29:21 PM | Computer Name = Ken-THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
with error: The data is invalid. .
Error - 4/18/2011 8:56:37 AM | Computer Name = Ken-THINK | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 11/27/2011 6:14:14 PM | Computer Name = Ken-THINK | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 11/27/2011 6:14:14 PM | Computer Name = Ken-THINK | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 12/16/2011 10:46:32 AM | Computer Name = Ken-THINK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:36:29 AM on 12/16/2011 was unexpected.
Error - 12/30/2011 12:19:28 PM | Computer Name = Ken-THINK | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.
Error - 12/30/2011 12:30:53 PM | Computer Name = Ken-THINK | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 12/30/2011 4:47:41 PM | Computer Name = Ken-THINK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 12/30/2011 4:47:41 PM | Computer Name = Ken-THINK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 12/30/2011 4:47:42 PM | Computer Name = Ken-THINK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 12/30/2011 4:47:43 PM | Computer Name = Ken-THINK | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.
Error - 12/30/2011 8:46:43 PM | Computer Name = Ken-THINK | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.
< End of report >
OTL logfile created on: 1/3/2012 7:50:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ken\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.80 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 47.98% Memory free
7.60 Gb Paging File | 5.69 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.59 Gb Total Space | 160.36 Gb Free Space | 34.52% Space Free | Partition Type: NTFS
Computer Name: KEN-THINK | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/03 19:35:26 | 000,584,192 | ---- | M] (OldTimer Tools) – C:\Users\Ken\Downloads\OTL (2).exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/23 15:19:16 | 000,296,056 | ---- | M] (RealNetworks, Inc.) – C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/14 05:56:21 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) – C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) – C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) – C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/20 16:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) – C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () – C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () – C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/11/28 13:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\afwServ.exe – (avast! Firewall)
SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV:64bit: - [2011/04/20 09:04:38 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\HOTKEY\tphkload.exe – (TPHKLOAD)
SRV:64bit: - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\HOTKEY\micmute.exe – (LENOVO.MICMUTE)
SRV:64bit: - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe – (TPHKSVC)
SRV:64bit: - [2011/02/01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] – C:\Windows\SysNative\ibmpmsvc.exe – (IBMPMSVC)
SRV:64bit: - [2010/07/15 00:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] – C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe – (RtkAudioService)
SRV:64bit: - [2010/04/20 16:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe – (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/04/20 16:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\Communications Utility\CamMute.exe – (LENOVO.CAMMUTE)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe – (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/10/09 15:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] – C:\Windows\SysNative\TPHDEXLG64.exe – (TPHDEXLGSVC)
SRV:64bit: - [2009/09/29 20:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] – C:\Program Files\Intel\TurboBoost\TurboBoost.exe – (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2011/07/25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] – C:\Program Files (x86)\Lenovo\System Update\SUService.exe – (SUService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] – C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL – (HPSLPSVC)
SRV - [2010/08/24 13:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] – C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE – (Power Manager DBC Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2009/11/03 23:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe – (UNS) Intel(R)
SRV - [2009/11/03 23:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe – (LMS) Intel(R)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] – C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe – (UleadBurningHelper)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] – C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe – (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysNative\drivers\mbam.sys – (MBAMProtector)
DRV:64bit: - [2011/11/28 12:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswFW.sys – (aswFW)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
DRV:64bit: - [2011/11/28 12:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis2.sys – (aswNdis2)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr.sys – (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\usbaapl64.sys – (USBAAPL64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
DRV:64bit: - [2011/02/01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\ibmpmdrv.sys – (IBMPMDRV)
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] – C:\Windows\SysNative\drivers\smiifx64.sys – (lenovo.smi)
DRV:64bit: - [2010/09/07 10:24:46 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis.sys – (aswNdis)
DRV:64bit: - [2010/08/24 13:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] – C:\Windows\SysNative\drivers\TPPWR64V.SYS – (TPPWRIF)
DRV:64bit: - [2010/06/16 13:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\RimUsb_AMD64.sys – (RimUsb)
DRV:64bit: - [2010/05/17 03:32:56 | 001,107,488 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\rtl8192se.sys – (rtl8192se)
DRV:64bit: - [2010/04/29 20:19:30 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\igdkmd64.sys – (igfx)
DRV:64bit: - [2010/04/22 19:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\SynTP.sys – (SynTP)
DRV:64bit: - [2010/03/17 14:30:36 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\5U877.sys – (5U877)
DRV:64bit: - [2010/02/26 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Impcd.sys – (Impcd)
DRV:64bit: - [2010/02/08 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\RtsUStor.sys – (RSUSBSTOR)
DRV:64bit: - [2010/02/02 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\IntcDAud.sys – (IntcDAud) Intel(R)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\iaStor.sys – (iaStor)
DRV:64bit: - [2009/10/09 15:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\ApsX64.sys – (Shockprf)
DRV:64bit: - [2009/10/09 15:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\ApsHM64.sys – (TPDIGIMN)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\HECIx64.sys – (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\rootmdm.sys – (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\sdbus.sys – (sdbus)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\tpm.sys – (TPM)
DRV:64bit: - [2009/07/01 21:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\psadd.sys – (psadd)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\VSTDPV6.SYS – (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\VSTCNXT6.SYS – (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\VSTAZL6.SYS – (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\netw5v64.sys – (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\GEARAspiWDM.sys – (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\RimSerial_AMD64.sys – (RimVSerPort)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3670436060-58936132-2259226351-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js…browser.startup.homepage: “http://www.google.com/webhp?rls=ig”
FF - prefs.js…extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js…extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js…network.proxy.no_proxies_on: “*.local”
FF - prefs.js…network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=15.0.0.198: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nprjplug;version=15.0.0.198: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.0.198: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nprphtml5videoshim;version=15.0.0.198: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=15.0.0.198: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@RIM.com/WebSLLauncher,version=1.0: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=15.0.0.198: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nprjplug;version=15.0.0.198: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.0.198: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nprphtml5videoshim;version=15.0.0.198: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=15.0.0.198: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins@RIM.com/WebSLLauncher,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Users\Ken\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/01 22:59:22 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/06 08:32:02 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/23 15:19:31 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/30 11:29:21 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 11:29:21 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/30 11:29:21 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/01 22:59:22 | 000,000,000 | —D | M]
[2011/02/23 13:44:30 | 000,000,000 | —D | M] (No name found) – C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/01/23 22:33:44 | 000,000,000 | —D | M] (No name found) – C:\Users\Ken\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/19 22:22:11 | 000,000,000 | —D | M] (No name found) – C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ks004rid.default\extensions
[2011/12/01 14:54:44 | 000,000,000 | —D | M] (No name found) – C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/12 08:07:50 | 000,000,000 | —D | M] (Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/06 08:32:02 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/11/23 15:19:31 | 000,000,000 | —D | M] (RealPlayer Browser Record Plugin) – C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/12/01 14:54:41 | 000,134,104 | ---- | M] (Mozilla Foundation) – C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/01 14:54:37 | 000,002,252 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/01 14:54:37 | 000,002,040 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ken\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0
CHR - Extension: avast! WebRep = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0
CHR - Extension: avast! WebRep = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR - Extension: Poppit = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Productivity 2.2 Toolbar) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
O3:64bit: - HKLM..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (Productivity 2.2 Toolbar) - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files (x86)\Productivity_2.2\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3670436060-58936132-2259226351-1001..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM…\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM…\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM…\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM…\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM…\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM…\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3670436060-58936132-2259226351-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://mreis.mlxchange.com/5.1.01.9506/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx (osi_valid.uCltValid9m)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} https://www.mainstreetval.com/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{967AAD2E-C13C-43CD-87C9-1BE53DFCDB1E}: DhcpNameServer = 156.154.119.11 156.154.129.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9fa07512-febc-11df-9a68-806e6f6e6963}\Shell - “” = AutoRun
O33 - MountPoints2\{9fa07512-febc-11df-9a68-806e6f6e6963}\Shell\AutoRun\command - “” = Q:\LenovoQDrive.exe
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – “%1” %*
O35:64bit: - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
O37 - HKLM.…exe [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012/01/03 16:54:10 | 000,000,000 | —D | C] – C:\Program Files\Windows Mail
[2012/01/03 16:10:05 | 000,000,000 | —D | C] – C:\Users\Ken\AppData\Roaming\FreeFixer
[2012/01/03 16:10:05 | 000,000,000 | —D | C] – C:\Users\Ken\AppData\Local\FreeFixer
[2012/01/03 16:09:51 | 000,000,000 | —D | C] – C:\Program Files\FreeFixer
[2012/01/03 13:28:54 | 000,000,000 | —D | C] – C:\Users\Ken\AppData\Roaming\TestApp
[2012/01/03 13:28:54 | 000,000,000 | —D | C] – C:\ProgramData\PC Tools
[2012/01/03 13:16:25 | 000,000,000 | —D | C] – C:\Users\Ken\AppData\Roaming\spambutcher
[2011/12/30 22:51:08 | 000,000,000 | —D | C] – C:\Users\Ken\Desktop\party food
[2011/12/30 11:32:43 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/30 11:32:14 | 000,000,000 | —D | C] – C:\Program Files\iTunes
[2011/12/30 11:32:14 | 000,000,000 | —D | C] – C:\Program Files (x86)\iTunes
[2011/12/30 11:32:14 | 000,000,000 | —D | C] – C:\Program Files\iPod
[2011/12/30 11:29:16 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/30 11:29:10 | 000,000,000 | —D | C] – C:\Program Files (x86)\QuickTime
[2011/12/21 14:30:22 | 000,000,000 | —D | C] – C:\Users\Ken\Desktop\New folder
[2011/12/05 21:07:09 | 000,000,000 | —D | C] – C:\Users\Ken\Desktop\Burr 2011
[2010/02/03 23:00:00 | 000,139,264 | ---- | C] ( ) – C:\Windows\sipr3260.dll
========== Files - Modified Within 30 Days ==========
[2012/01/03 19:03:06 | 000,000,900 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3670436060-58936132-2259226351-1001UA.job
[2012/01/03 19:00:06 | 000,000,892 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/03 18:27:28 | 000,040,960 | ---- | M] () – C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 17:00:30 | 000,726,316 | ---- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/03 17:00:30 | 000,624,178 | ---- | M] () – C:\Windows\SysNative\perfh009.dat
[2012/01/03 17:00:30 | 000,106,522 | ---- | M] () – C:\Windows\SysNative\perfc009.dat
[2012/01/03 14:00:02 | 000,000,888 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 13:03:01 | 000,000,848 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3670436060-58936132-2259226351-1001Core.job
[2012/01/03 11:00:14 | 000,000,466 | ---- | M] () – C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/03 10:18:54 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2012/01/02 20:33:39 | 000,015,000 | ---- | M] () – C:\Users\Ken\Desktop\rapid-renewal.pdf
[2012/01/02 12:20:08 | 000,015,792 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 12:20:08 | 000,015,792 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 23:23:42 | 3061,223,424 | -HS- | M] () – C:\hiberfil.sys
[2011/12/28 16:30:17 | 000,000,528 | ---- | M] () – C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/28 16:27:36 | 000,000,000 | ---- | M] () – C:\Windows\SysWow64\config.nt
[2011/12/28 15:47:45 | 000,105,210 | ---- | M] () – C:\Users\Ken\Desktop\key bank transactions.pdf
[2011/12/17 03:21:36 | 000,441,296 | ---- | M] () – C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) – C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 12:58:49 | 003,194,441 | ---- | M] () – C:\Users\Ken\Desktop\ChangeofLicenseInd09-NH.pdf
[2011/12/08 12:53:59 | 000,864,085 | ---- | M] () – C:\Users\Ken\Desktop\ChangeofLicenseInd09-ME.pdf
========== Files Created - No Company Name ==========
[2012/01/02 20:33:36 | 000,015,000 | ---- | C] () – C:\Users\Ken\Desktop\rapid-renewal.pdf
[2011/12/28 15:47:41 | 000,105,210 | ---- | C] () – C:\Users\Ken\Desktop\key bank transactions.pdf
[2011/12/08 12:58:40 | 003,194,441 | ---- | C] () – C:\Users\Ken\Desktop\ChangeofLicenseInd09-NH.pdf
[2011/12/08 12:53:48 | 000,864,085 | ---- | C] () – C:\Users\Ken\Desktop\ChangeofLicenseInd09-ME.pdf
[2011/03/14 09:30:38 | 004,369,408 | ---- | C] () – C:\Windows\SysWow64\pdftk.exe
[2011/03/14 09:30:38 | 001,503,232 | ---- | C] () – C:\Windows\SysWow64\ptj.exe
[2011/03/14 09:30:38 | 001,103,360 | ---- | C] () – C:\Windows\SysWow64\cidfont.dll
[2011/03/14 09:30:37 | 000,235,008 | ---- | C] () – C:\Windows\SysWow64\office.exe
[2011/01/10 09:14:31 | 000,040,960 | ---- | C] () – C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 10:37:04 | 000,159,836 | ---- | C] () – C:\Windows\_isusr32.dll
[2011/01/03 10:37:04 | 000,032,768 | ---- | C] () – C:\Windows\SysWow64\_isusr2k.dll
[2011/01/01 22:55:20 | 000,221,535 | ---- | C] () – C:\Windows\hpoins19.dat
[2011/01/01 22:55:20 | 000,013,898 | ---- | C] () – C:\Windows\hpomdl19.dat
[2010/12/29 01:23:14 | 000,079,360 | ---- | C] () – C:\Windows\SysWow64\ff_vfw.dll
[2010/12/03 04:16:16 | 000,870,560 | ---- | C] () – C:\Windows\SysWow64\igkrng575.bin
[2010/12/03 04:16:16 | 000,208,896 | ---- | C] () – C:\Windows\SysWow64\iglhsip32.dll
[2010/12/03 04:16:16 | 000,143,360 | ---- | C] () – C:\Windows\SysWow64\iglhcp32.dll
[2010/12/03 04:16:15 | 000,127,868 | ---- | C] () – C:\Windows\SysWow64\igcompkrng575.bin
[2010/12/03 04:16:15 | 000,104,636 | ---- | C] () – C:\Windows\SysWow64\igfcg575m.bin
[2010/06/23 11:35:52 | 000,790,528 | ---- | C] () – C:\Windows\SysWow64\xvidcore.dll
[2010/06/23 11:35:52 | 000,134,144 | ---- | C] () – C:\Windows\SysWow64\xvidvfw.dll
[2010/03/15 04:31:48 | 000,165,376 | ---- | C] () – C:\Windows\SysWow64\unrar.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () – C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () – C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () – C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () – C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () – C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () – C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () – C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () – C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () – C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () – C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () – C:\Windows\SysWow64\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () – C:\Windows\AviSplitter.INI
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () – C:\Windows\SysWow64\missouri.dll
========== LOP Check ==========
[2011/05/23 14:52:03 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Amazon
[2011/02/02 11:45:48 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\AnvSoft
[2011/02/25 15:43:53 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1
[2011/02/25 15:45:35 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/02/25 15:41:40 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\com.parleys.ParleysDesktop.5CB8B8E067751542E9A0D10C3FBFDC8FEA2E9480.1
[2011/09/07 09:39:27 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\DriverCure
[2011/04/04 16:08:56 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\eFax Messenger
[2011/04/04 20:06:59 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\FileExchange
[2012/01/02 15:53:46 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\FileZilla
[2012/01/03 16:45:08 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\FreeFixer
[2011/02/02 11:08:58 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\InterVideo
[2010/12/27 19:53:53 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\IrfanView
[2011/04/04 16:07:13 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\j2 Global
[2011/09/07 10:04:41 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\PCDr
[2011/01/30 22:27:32 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Research In Motion
[2010/12/27 19:52:47 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Softland
[2012/01/03 13:30:44 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\spambutcher
[2011/09/07 09:39:27 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\SpeedMaxPc
[2012/01/03 13:28:54 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\TestApp
[2011/01/23 22:33:44 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Thunderbird
[2011/04/01 07:19:39 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\TP
[2011/01/10 07:00:39 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Uniblue
[2011/09/07 10:01:46 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Update
[2011/01/11 12:52:45 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Win7codecs
[2010/12/27 20:09:31 | 000,000,000 | —D | M] – C:\Users\Ken\AppData\Roaming\Windows Live Writer
[2011/12/28 16:30:17 | 000,000,528 | ---- | M] () – C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/20 10:00:25 | 000,032,614 | ---- | M] () – C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/03 11:00:14 | 000,000,466 | ---- | M] () – C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) – C:\install.exe
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 – C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/03 05:00:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF – C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/12/03 04:59:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/03 05:00:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/03 04:59:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/12/03 05:00:08 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/03 04:59:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/03 05:00:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/03 04:59:03 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 – C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 – C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE – C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE – C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/03 05:00:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2010/12/03 05:00:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A – C:\Windows\SysNative\winlogon.exe
[2010/12/03 05:00:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
“DisplayName” = @%SystemRoot%\system32\drivers\netbt.sys,-2
“Group” = PNP_TDI
“ImagePath” = System32\DRIVERS\netbt.sys
“Description” = @%SystemRoot%\system32\drivers\netbt.sys,-1
“ErrorControl” = 1
“Start” = 1
“Type” = 1
“DependOnService” = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
“BcastNameQueryCount” = 3
“BcastQueryTimeout” = 750
“CacheTimeout” = 600000
“EnableLMHOSTS” = 1
“NameServerPort” = 137
“NameSrvQueryCount” = 3
“NameSrvQueryTimeout” = 1500
“NbProvider” = tcp
“SessionKeepAlive” = 3600000
“Size/Small/Medium/Large” = 1
“TransportBindName” = \Device
“UseNewSmb” = 1
“DhcpNodeType” = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{967AAD2E-C13C-43CD-87C9-1BE53DFCDB1E}]
“NameServerList” = [binary data]
“NetbiosOptions” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A17C6B8F-22A4-483B-B8A5-D799CE85A18A}]
“NameServerList” = [binary data]
“NetbiosOptions” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
“OtherDependencies” = Tcpip [binary data]
“Bind” = [Binary data over 100 bytes]
“Route” = [Binary data over 100 bytes]
“Export” = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
“Security” = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
“0” = Root\LEGACY_NETBT\0000
“Count” = 1
“NextInstance” = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
“Type” = 2
“Start” = 1
“ErrorControl” = 1
“Tag” = 2
“ImagePath” = system32\DRIVERS\netbios.sys
“DisplayName” = NetBIOS Interface
“Group” = NetBIOSGroup
“Description” = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
“MaxLana” = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
“LanaMap” = 01 04 01 02 01 07 01 00 01 06 01 05 01 01 01 03 [binary data]
“Bind” = [Binary data over 100 bytes]
“Route” = [Binary data over 100 bytes]
“Export” = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
“0” = Root\LEGACY_NETBIOS\0000
“Count” = 1
“NextInstance” = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd /s >
“BootFlags” = 1
“DisplayName” = @%systemroot%\system32\drivers\afd.sys,-1000
“Group” = PNP_TDI
“ImagePath” = \SystemRoot\system32\drivers\afd.sys
“Description” = @%systemroot%\system32\drivers\afd.sys,-1000
“ErrorControl” = 1
“Start” = 1
“Type” = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Enum]
“0” = Root\LEGACY_AFD\0000
“Count” = 1
“NextInstance” = 1
< C:\Windows\assembly\tmp\U*.* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes → C:\ProgramData\TEMP:D287FACF
< End of report >
Sorry it is all in pieces, but the two reports have been added.
Why not use the attaching feature…
It's on the bottom left of the box in which you write your reply > Additional Options > Choose File.