Hello,

I've clicked by mistake on a suspicious link sent in a spam mail.

The mail was something about information about bed bugs.

This was the link:
*** malware link deleted ***

After clicking on it, the web address was changed to this one

*** malware link deleted ***

and there was a msg saying:

Server Error

404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
(its pic is attached)

I'm worried that I let something bad get onto my computer via a backdoor or something similar.

Please advise me how to fix that problem if there is any, I don't really know..

I ran Avast antivirus and found the following:
(attached pic)

I moved what was possible to the chest, as far as Avast allowed, but I don't know about the other findings, where it says that the system cannot find the path specified.

Please, I'm worried, advise me
Thanks
Tori

Edited by happygeek: malware links deleted

Would a moderator please kill the two links in the first post?.... the site is viral. Malicious.

Tori... your pic shows your sys got whacked.
The series of files showing Error, cannot find... are all part of your Avast. Check they do exist. If those files are missing you might need to uninstall your Avast with http://www.avast.com/uninstall-utility ... and reinstall it.
Tcpip.sys is vital for net communication - it was infected and so moved to chest by you...quarantined. Good move. Because it is a protected file it was likely restored from cache, or you would not be posting. I note that the dllcache file was not infected, so you have a good copy running now.
You are running XP, right? Then you should download KB2509553\SP3QFE from Microsoft because you are missing that from $hf_mig folder.

Do not click on the links. Blue Coat reports these sites as:
Scam/Questionable/Illegal and Spam
Scam/Questionable/Illegal

A note to anyone else that may be on this site regarding questions about malware... Don't post hyperlinks to the source of malware. If you want to refer to the site, at most, post the URL, but not as a link... post it as text so someone else doesn't click on it and get infected as well.

Dear gerbil, thanks a lot
(I am sorry I sent live hyperlinks)

Please, I need clarifications as a step-by-step manual..

  1. I was looking for the files that were reported as missing, and found them under Avast (a pic is attached), so what does it mean, I do not have to uninstall Avast? So why are they being reported as missing? (Also, there are three copies of those files, but the size is different, why?)
    I could not find files: aooo5267.dll and a0005268.ini, what are those files?

  2. What is the dllcache file, and how do you know it is not infected?

  3. I want to install the KB2509553\SP3QFE for my WinXP SP3, but I must restart the computer after it, and I'm afraid to restart before I know what I am doing.

  4. I don't really have an idea what to do with the files I moved to the chest, what shall I do about them? If they are important, how do I reconstruct them without having the virus?

Thank you
Tori

-aswCmnBS.dll is sent often with virus definitions, I don't know its function [guess... to do with bit streaming?], it does change in size. Your Avast is a little different to mine [Avast5], but the file is the same. The 12120500, 12120501 are versions of updates, I don't know why you have two versions showing... 12120501 is current in mine.
Possibly a rescan will not report those files as missing.
-system32\dllcache is where the OS caches vital files, it uses them to automatically replace damaged copies in use in system32. Files in dllcache can be updated by KB downloads [fixes] from Microsoft, a copy will also go to $hf_mig folders so that your system knows what is the latest version to use.
- I think you are safe to restart to finish installing the KB... your system will not start to use the new version of tcpip.sys until you do.
- the remaining files you moved to chest are safe in there. I personally don't much trust any executable files which are in C: root... C:\ ; I think it would be safe to remove them from the chest, delete them. Any software which misses them would let you know.

A note about scanning with Avast. I cannot remember when I last did a scan of any sort; what such a scan does is also check files which are not currently in use. Believe me, when something wants to use any file, executable or data, Avast will scan it before it is loaded. Same with downloads [Avast handles your downloads directly], including website script. Avast marks files it checks as safe; if unchanged next time they are to be loaded then no new scan will be done, if they have changed in any way they will be rescanned before being loaded.

I don't see any exe files directly in C:, or I misunderstood.
I ran Malwarebytes now (mbam) and got a result that there is one infection:
what does it mean, if I already moved the bad files that were found by Avast to the chest?

There is still something there...
Please advise,
Thank you

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lenono-Y :: LENOVO-3FDFF327 [administrator]

Protection: Enabled

12/6/2012 5:13:21 AM
mbam-log-2012-12-06 (09-12-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220896
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

**GMER ONE**
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-06 09:10:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000BPVT-00HXZT1 rev.01.01A01
Running: yu6bfiz8.exe; Driver: C:\DOCUME~1\Lenono-Y\LOCALS~1\Temp\awqdyfog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8845D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8845BAD]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA88F1E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs ibmfilter.sys (IBM Rescue and Recovery filter driver/IBM)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER TWO

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-06 09:09:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000BPVT-00HXZT1 rev.01.01A01
Running: yu6bfiz8.exe; Driver: C:\DOCUME~1\Lenono-Y\LOCALS~1\Temp\awqdyfog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA88034BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA88D8C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8803ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8845811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA880EFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA880EFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA880F176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA88451C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA880EF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA880F038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA880EF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA880411C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA880F130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA880493E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8803508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8845ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA884618D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA88081C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8845D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8845BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA88D8CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8803170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8803556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8808534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA88053A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA880EFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA880F016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA880F19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8845521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA880EF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8807C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA880F0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA880EF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8807F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA880F154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA88D8E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8845A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8805272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA884587A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8804DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA88E57D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8844838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA88035A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA88035F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA88047BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA88031FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA88033AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8845FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8803350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8804AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8804C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA880341A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA88044D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA8804636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA88D741C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8803640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8803F1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA88F1E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs ibmfilter.sys (IBM Rescue and Recovery filter driver/IBM)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b7 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

0

Hello, Tori.
Re my comment about not trusting executable files in c: root, you already moved them to the Avast quarantine chest. So now you have no .exe files in C:. Fine. It should be safe to empty that chest.
Re the MBAM detection of SecurityCenter|FirewallDisableNotify being reset... well, some AV products themselves do that, the reason being that they themselves monitor whether they have been interfered with, or an attempt has been made to do so, so there is no reason for XP to report on it also. That setting controls the little popup you will see if you turn off your AV or firewall [it is the M$ Security Centre warning]. Your AV is just resetting that registry value after MBAM changes it. Not a worry.
I see nothing wrong with your system, nothing detected by GMER.
What GMER does show though, and this is completely unrelated to malware, is that your hdd is being consumed by [many empty] R&R [= Rescue and Recovery] folders. You could delete the old ones if you require some more space by going into Safe Mode. I'll leave that up to you.

0

Some more, Tori.
Having done a bit of a search, I have come up with this for a couple of those detections in your first attachment - there are two files which show a status of "Error: File is currently offline - it is currently not available" [that is the complete message...].
Those two have not been quarantined, and you cannot see them, likely they are hidden. Your Avast by default is set to not scan offline files because they may be on a disconnected drive, or a network and scanning would be slow. You have a lappie, and those files should be scannable but an attribute has been set on them to say they are offline. Let's get around that... :), and scan them:
Navigate to DocsnSetts\All Users\Application Data\Avastx. Avast5? Avast7? x may be 5, 7 or some other number, or nothing.
Drag the file Avastx.ini into Notepad.
At the top there is a section [Scanner]. Type or paste this into it..
ScanOfflineFiles=1
...and save the .ini file. Click Yes on the modification warning. [See?, you don't also need M$ to warn you of interference with your AV or firewall].
Now try a quick scan.

Edited by gerbil

0

Thank you gerbil, but at the moment I'm in trouble..
My system lost stability... It stops a lot, it lost the sound ability, and... the ability to contact the web. I'm looking for a solution. It is a problem getting online, maybe .. I think of reformatting the C: partition and installing the whole system from the beginning. It is a Lenovo laptop running WinXP SP3.

0

Tori, let's see what you have got. Firstly...
==Get CCleaner from http://www.piriform.com/ccleaner or http://www.filehippo.com/download_ccleaner - and install it. You should keep this one for general use. I set the installation checkboxes only to Open and Run from the recycle bin. It's neater that way.
I also suggest you uncheck the Google Chrome installation boxes.
Run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the CCleaner options...].
If you have FireFox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.

Next... ==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
  • Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

And finally use either of...
==Kaspersky Online Scan, from http://www.kaspersky.com/virusscanner - download Kaspersky Security Scan.
==Eset Online Scanner using IE only: http://www.eset.com/home/products/online-scanner

Please post all logs/reports
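Added example, not part of gerbil's post and not OTL's own code: a small Python triage pass over an OTL log in the line format of the log posted in this thread (PRC, MOD, SRV, DRV and O4 Run lines). It lists entries that point at a missing file, carry no company name, or sit as an .exe directly in a drive root (what the `%SYSTEMDRIVE%*.exe` custom scan looks for); the function names and the choice of review cues are assumptions of this example, and a flagged line is a prompt for manual review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    kind: str               # PRC, MOD, SRV, DRV or O4
    name: Optional[str]     # service / driver / Run value name, if the line has one
    path: str               # target as written in the log ("" when OTL printed none)
    company: Optional[str]  # text of the trailing (...); "" when OTL printed ()
    missing: bool           # True when the line ends with "File not found"


HEAD = re.compile(r'^(PRC|MOD|SRV|DRV|O4) - (.*)$')
SVC = re.compile(r'^\((.*?)\) --(.*)$')               # SRV/DRV: (Name) -- target
RUN = re.compile(r'^(.+?\\Run): \[(.*?)\]\s*(.*)$')   # O4: hive..\Run: [name] target
ROOT_EXE = re.compile(r'^[A-Za-z]:\\[^\\]+\.exe(\s|$)', re.I)
NOT_FOUND = 'File not found'


def split_company(rest: str) -> Tuple[str, Optional[str]]:
    """Split 'path (Company)' on the last balanced (...) group.

    Company names may contain parentheses themselves, e.g.
    'Lenovo (United States) Inc.', so scan backwards and count depth.
    """
    rest = rest.rstrip()
    if not rest.endswith(')'):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ')':
            depth += 1
        elif rest[i] == '(':
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1].strip()
    return rest, None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for headers and other sections."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    kind, rest, name = m.group(1), m.group(2), None
    if kind in ('SRV', 'DRV'):
        s = SVC.match(rest)
        if not s:
            return None
        name, rest = s.group(1), s.group(2)
    elif kind == 'O4':
        r = RUN.match(rest)
        if not r:           # only registry Run entries are handled here
            return None
        name, rest = r.group(2), r.group(3)
    rest = rest.strip()
    if rest.endswith(NOT_FOUND):
        return Entry(kind, name, rest[:-len(NOT_FOUND)].rstrip(), None, True)
    path, company = split_company(rest)
    return Entry(kind, name, path, company, False)


def review_reasons(e: Entry) -> List[str]:
    """Review cues only: none of these proves an entry is malicious."""
    reasons = []
    if e.missing and e.kind in ('SRV', 'DRV', 'O4'):
        reasons.append('target file not found')
    # The MOD section lists only modules without a company name, so skip it.
    if e.company == '' and e.kind != 'MOD':
        reasons.append('no company name')
    if ROOT_EXE.match(e.path):
        reasons.append('executable in drive root')
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every parsed line with at least one cue."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = review_reasons(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged


# Sample input: lines in the format of the log in this thread; the last
# line (C:\example.exe) is constructed for this example.
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
DRV - (WDICA) --  File not found
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [example] C:\example.exe ()
"""

if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE_LOG):
        label = entry.name or entry.path or '(unnamed)'
        print(f"{entry.kind:3} {label}: {', '.join(reasons)}")
```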

0

Gerbil,
The machine goes very slowly and stops a lot. No voice sounds, and no internet.
I ran CCleaner
OTL gave only one notepad
Kaspersky, didn't do, it said no connection
Is it a bad idea to format C:?

Here is the OTL note:

OTL logfile created on: 12/8/2012 9:54:12 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\programs against malwares
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 51.75% Memory free
3.83 Gb Paging File | 2.62 Gb Available in Paging File | 68.37% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.30 Gb Total Space | 98.11 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive E: | 213.16 Gb Total Space | 105.03 Gb Free Space | 49.28% Space Free | Partition Type: NTFS

Computer Name: LENOVO | User Name: Lenono-Y| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - E:\programs against malwares\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files\Rynga.com\Rynga\Rynga.exe (Rynga)
PRC - C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe (VoipConnect)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
PRC - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\AVAST Software\Avast\defs\12120701\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\12120700\algo.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\Program Files\VMware\VMware Player\liblber.dll ()
MOD - C:\Program Files\VMware\VMware Player\libldap_r.dll ()
MOD - C:\Program Files\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files\VMware\VMware Player\libcurl.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\WINDOWS\system32\tphklock.dll ()
MOD - C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll ()
MOD - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe ()
MOD - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherCommon.dll ()
MOD - C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll ()
MOD - C:\WINDOWS\system32\notifyf2.dll ()
MOD - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
MOD - C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\Program Files\ICQ\ICQPlug.dll ()
MOD - C:\Program Files\ICQ\ICQSMSST.dll ()
MOD - C:\Program Files\ICQ\ICQCool.dll ()
MOD - C:\Program Files\ICQ\ICQTsLib.dll ()
MOD - C:\Program Files\ICQ\ICQTicker.dll ()
MOD - C:\Program Files\ICQ\ICQConLb.dll ()
MOD - C:\Program Files\ICQ\ICQDBService.dll ()
MOD - C:\Program Files\ICQ\ICQProLib.dll ()
MOD - C:\Program Files\ICQ\ICQFTLib.dll ()
MOD - C:\Program Files\ICQ\ICQSmartDll.dll ()
MOD - C:\Program Files\ICQ\icquiex.dll ()
MOD - C:\Program Files\ICQ\ICQSkinUtils.dll ()
MOD - C:\Program Files\ICQ\icqsock.dll ()
MOD - C:\Program Files\ICQ\icqwcom.dll ()
MOD - C:\Program Files\ICQ\icqwutl.dll ()
MOD - C:\Program Files\ICQ\icqcutl.dll ()
MOD - C:\Program Files\ICQ\icqrt.dll ()
MOD - C:\Program Files\ICQ\actskin4.ocx ()
MOD - C:\Program Files\ICQ\zlib.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File not found
SRV - (HitmanPro37Crusader) -- C:\Documents and Settings\Lenono-Y\Desktop\HitmanPro.exe /crusader File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (UCLauncherService) -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe ()
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (WDICA) --  File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Changer) --  File not found
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (vsock) -- C:\WINDOWS\system32\drivers\vsock.sys (VMware, Inc.)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys (IObit.com)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys (IObit)
DRV - (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (ElRawDisk) -- C:\WINDOWS\system32\drivers\rsdrv.sys (EldoS Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (imagesrv) -- C:\WINDOWS\system32\drivers\imagesrv.sys (Ahead Software AG)
DRV - (imagedrv) -- C:\WINDOWS\system32\drivers\imagedrv.sys (Ahead Software AG)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0&ocid=iehp&tc=20
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 68 57 93 23 BC CD 01  [binary data]
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT151685
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enIL509
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/11/06 16:02:27 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome  ==========[/color]

CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - Extension: Weather (extension) = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: YouTube = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.49_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (AuthenTec Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [Rynga] C:\Program Files\Rynga.com\Rynga\Rynga.exe (Rynga)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [VoipConnect] C:\Program Files\VoipConnect.com\VoipConnect\VoipConnect.exe (VoipConnect)
O4 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Lenono-Y\Start Menu\Programs\Startup\KnowledgePulse.lnk = C:\Program Files\KnowledgePulse\KnowledgePulse.exe (Research Studios Austria)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352182832906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352182997062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (AuthenTec Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/05 21:11:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 07:30:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lenono-Y\Recent
[2012/12/08 07:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/12/08 07:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/07 12:11:26 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2012/12/07 12:06:02 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012/12/07 12:06:02 | 000,116,472 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012/12/07 12:06:02 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012/12/07 12:06:02 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2012/12/07 12:06:02 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2012/12/07 12:06:01 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012/12/07 12:05:59 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2012/12/07 12:05:59 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012/12/07 12:04:46 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2012/12/07 12:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2012/12/07 11:16:23 | 000,030,144 | ---- | C] (Lenovo (United States) Inc.) -- C:\WINDOWS\System32\drivers\psadd.sys
[2012/12/07 09:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Help
[2012/12/07 09:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\Help
[2012/12/07 08:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2012/12/07 08:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage Fingerprint Software
[2012/12/07 08:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/12/07 08:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/12/07 06:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\My Documents\Downloads
[2012/12/07 05:17:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lenono-Y\Desktop\Programs
[2012/12/07 04:03:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/12/06 23:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Fix 2012
[2012/12/06 19:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/12/06 19:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/12/06 05:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\Malwarebytes
[2012/12/06 05:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/04 18:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\ActionVoip.com
[2012/12/04 18:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\InterVoip.com
[2012/12/04 14:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2012/12/04 12:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Start Menu\Programs\Recovery
[2012/12/04 12:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recovery
[2012/12/04 12:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dellmont
[2012/12/04 12:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google
[2012/12/02 17:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\pdf995
[2012/12/02 17:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\pdf995
[2012/12/02 17:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/12/02 17:45:50 | 001,671,168 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2012/12/02 17:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
[2012/12/02 17:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2012/12/02 08:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeter
[2012/12/02 08:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetMeter
[2012/12/02 07:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\My Documents\My Received Files
[2012/12/02 00:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/12/01 22:56:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/12/01 22:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\Nokia
[2012/12/01 22:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\PC Suite
[2012/12/01 22:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/12/01 21:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/12/01 21:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/12/01 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/12/01 21:54:50 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012/12/01 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/12/01 21:54:05 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2012/12/01 21:54:04 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2012/12/01 21:54:03 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2012/12/01 21:54:00 | 000,605,696 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2012/12/01 21:54:00 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2012/12/01 21:54:00 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2012/12/01 21:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/12/01 21:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/11/29 00:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\Apple Computer
[2012/11/29 00:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/11/29 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/29 00:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Apple
[2012/11/29 00:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/29 00:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/11/29 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\Apple Computer
[2012/11/28 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\DDR - Memory Card Recovery
[2012/11/28 14:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\Media Player Classic
[2012/11/28 14:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/28 14:40:31 | 000,022,312 | ---- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\rsdrv.sys
[2012/11/28 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Remo Recover
[2012/11/28 10:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\CardRecovery
[2012/11/28 09:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\DDR - Memory Card Recovery(Demo)
[2012/11/27 23:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\RescuePRO
[2012/11/27 23:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\RescuePRO
[2012/11/27 21:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\VMware
[2012/11/27 18:30:06 | 000,086,094 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\ImageDrive.cpl
[2012/11/27 12:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\My Documents\My Virtual Machines
[2012/11/27 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\VMware
[2012/11/27 12:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\VMware
[2012/11/27 12:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2012/11/27 12:45:52 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vsocklib.dll
[2012/11/27 12:45:51 | 000,061,464 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vsock.sys
[2012/11/27 12:45:38 | 000,025,624 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2012/11/27 12:43:49 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2012/11/27 12:43:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2012/11/27 12:43:42 | 000,025,752 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2012/11/27 12:43:23 | 000,779,928 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2012/11/27 12:43:13 | 000,041,496 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\hcmon.sys
[2012/11/27 12:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VMware
[2012/11/27 12:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2012/11/27 12:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/11/27 12:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2012/11/26 08:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\My Documents\Fax
[2012/11/21 10:00:22 | 000,619,136 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/11/21 10:00:22 | 000,217,088 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/11/21 10:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Edimax Driver
[2012/11/21 09:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\InstallShield
[2012/11/19 14:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2012/11/19 10:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/11/17 20:17:16 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2012/11/17 20:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2012/11/17 20:16:59 | 000,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2012/11/17 20:16:59 | 000,028,160 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2012/11/17 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\maemo
[2012/11/17 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\KnowledgePulse
[2012/11/17 13:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2012/11/17 13:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Start Menu\Programs\KnowledgePulse
[2012/11/17 13:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\KnowledgePulse
[2012/11/15 03:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/11/15 03:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/11/14 10:18:31 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
[2012/11/12 06:09:46 | 000,330,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll
[2012/11/12 06:09:46 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll
[2012/11/12 06:09:46 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll
[2012/11/12 06:09:46 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll
[2012/11/12 06:09:46 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll
[2012/11/12 06:09:46 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll
[2012/11/12 06:09:45 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll
[2012/11/12 06:09:45 | 000,407,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2012/11/12 06:09:45 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2012/11/12 06:09:45 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll
[2012/11/12 06:09:44 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll
[2012/11/12 06:09:19 | 000,269,312 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2012/11/12 06:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\WINDOWS
[2012/11/09 16:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/11/09 15:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lenono-Y\Application Data\ICQ
[2012/11/09 15:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ICQ
[2012/11/09 15:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\aod
[2012/11/09 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ
[2012/11/09 10:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/11/09 08:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2 C:\Documents and Settings\Lenono-Y\My Documents\*.tmp files -> C:\Documents and Settings\Lenono-Y\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 07:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 07:14:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/08 06:13:15 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/12/07 23:05:00 | 000,000,368 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/07 21:45:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2012/12/07 21:45:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/07 21:45:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
[2012/12/07 21:44:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/07 21:44:13 | 2674,315,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/07 19:53:08 | 000,000,487 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012/12/07 11:16:23 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\System32\drivers\psadd.sys
[2012/12/07 11:16:22 | 000,379,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxWave.dll
[2012/12/07 11:16:21 | 000,187,128 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxMas.dll
[2012/12/07 11:16:21 | 000,129,784 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2012/12/07 11:16:21 | 000,118,520 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012/12/07 11:16:21 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012/12/07 11:16:20 | 000,510,712 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012/12/07 11:16:20 | 000,116,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012/12/07 11:16:20 | 000,072,440 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012/12/07 11:16:20 | 000,064,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012/12/07 11:16:19 | 001,628,920 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxSFS.DLL
[2012/12/07 11:16:19 | 000,547,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Px.dll
[2012/12/07 11:16:18 | 000,039,672 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\VXBLOCK.dll
[2012/12/07 11:16:18 | 000,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2012/12/07 11:16:16 | 000,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2012/12/07 07:59:21 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2012/12/07 07:43:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/07 07:18:10 | 000,000,194 | -HS- | M] () -- C:\BOOT.INI
[2012/12/07 04:55:33 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/12/07 04:03:49 | 000,000,312 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2012/12/06 05:32:34 | 000,047,236 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen11.JPG
[2012/12/06 04:15:49 | 000,021,357 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen10.JPG
[2012/12/05 22:28:01 | 000,056,517 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen7.JPG
[2012/12/05 22:27:29 | 000,056,926 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen6.JPG
[2012/12/05 22:27:03 | 000,055,471 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen5.JPG
[2012/12/05 22:26:28 | 000,055,791 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen4.JPG
[2012/12/05 22:25:36 | 000,048,342 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen3.JPG
[2012/12/05 22:24:58 | 000,064,937 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen.JPG
[2012/12/05 22:24:35 | 000,046,375 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\the msg.JPG
[2012/12/05 22:23:34 | 000,059,011 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen2.JPG
[2012/12/05 22:22:57 | 000,061,220 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen1.JPG
[2012/12/05 22:22:44 | 001,023,030 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen1.bmp
[2012/12/05 22:16:17 | 000,917,046 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen7.bmp
[2012/12/05 22:14:17 | 000,754,230 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen6.bmp
[2012/12/05 22:12:57 | 000,778,806 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen5.bmp
[2012/12/05 22:11:53 | 000,849,462 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen4.bmp
[2012/12/05 22:10:48 | 000,715,830 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen3.bmp
[2012/12/05 22:09:16 | 001,036,854 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen2.bmp
[2012/12/05 22:02:05 | 001,211,326 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen.bmp
[2012/12/05 21:37:11 | 001,825,270 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\the msg.bmp
[2012/12/04 14:44:08 | 104,857,600 | R--- | M] () -- C:\Documents and Settings\Lenono-Y\My Documents\SecureDrive.vol
[2012/12/04 12:50:35 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to AA_v3.exe.lnk
[2012/12/04 12:14:46 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to PSELPH100HS_IXUS115HS_CUG_EN_02.pdf.lnk
[2012/12/04 11:59:55 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/12/04 11:59:55 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/12/04 11:59:55 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/12/03 21:06:28 | 000,036,806 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\My Documents\1.csv
[2012/12/03 12:42:16 | 000,022,195 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\My Documents\rynryn100.vcf
[2012/12/02 17:50:54 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/12/02 17:50:44 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2012/12/02 17:45:50 | 001,671,168 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2012/12/02 17:45:50 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/12/02 14:31:57 | 000,000,044 | ---- | M] () -- C:\WINDOWS\SMWizard.INI
[2012/12/02 14:27:29 | 000,445,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/02 14:27:29 | 000,073,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/01 22:56:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/12/01 22:14:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/12/01 22:14:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/11/30 01:14:09 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to gs.exe.lnk
[2012/11/28 20:18:05 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\DDR - Memory Card Recovery.lnk
[2012/11/28 17:59:47 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\RPSTD2011.lic
[2012/11/28 09:20:17 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\DDR - Memory Card Recovery(Demo).lnk
[2012/11/27 12:46:06 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012/11/27 12:42:38 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2012/11/26 11:09:27 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2012/11/21 22:33:51 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ravids.lnk
[2012/11/17 13:58:13 | 000,001,827 | ---- | M] () -- C:\Documents and Settings\Lenono-Y\Start Menu\Programs\Startup\KnowledgePulse.lnk
[2012/11/14 10:40:22 | 000,364,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/09 08:39:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2 C:\Documents and Settings\Lenono-Y\My Documents\*.tmp files -> C:\Documents and Settings\Lenono-Y\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/07 07:59:21 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2012/12/07 04:03:49 | 000,000,312 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2012/12/06 05:32:34 | 000,047,236 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen11.JPG
[2012/12/06 04:15:49 | 000,021,357 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen10.JPG
[2012/12/05 22:28:01 | 000,056,517 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen7.JPG
[2012/12/05 22:27:29 | 000,056,926 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen6.JPG
[2012/12/05 22:27:03 | 000,055,471 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen5.JPG
[2012/12/05 22:26:28 | 000,055,791 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen4.JPG
[2012/12/05 22:25:36 | 000,048,342 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen3.JPG
[2012/12/05 22:24:58 | 000,064,937 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen.JPG
[2012/12/05 22:24:35 | 000,046,375 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\the msg.JPG
[2012/12/05 22:23:34 | 000,059,011 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen2.JPG
[2012/12/05 22:22:56 | 000,061,220 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen1.JPG
[2012/12/05 22:16:17 | 000,917,046 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen7.bmp
[2012/12/05 22:14:16 | 000,754,230 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen6.bmp
[2012/12/05 22:12:57 | 000,778,806 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen5.bmp
[2012/12/05 22:11:52 | 000,849,462 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen4.bmp
[2012/12/05 22:10:47 | 000,715,830 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen3.bmp
[2012/12/05 22:09:16 | 001,036,854 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen2.bmp
[2012/12/05 22:07:40 | 001,023,030 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen1.bmp
[2012/12/05 22:02:05 | 001,211,326 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\screen.bmp
[2012/12/05 21:37:10 | 001,825,270 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\the msg.bmp
[2012/12/04 14:43:41 | 104,857,600 | R--- | C] () -- C:\Documents and Settings\Lenono-Y\My Documents\SecureDrive.vol
[2012/12/04 12:50:35 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to AA_v3.exe.lnk
[2012/12/04 12:13:12 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to PSELPH100HS_IXUS115HS_CUG_EN_02.pdf.lnk
[2012/12/04 11:59:55 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/12/04 11:59:55 | 000,002,407 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/12/04 11:59:55 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/12/03 21:06:27 | 000,036,806 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\My Documents\1.csv
[2012/12/03 12:42:15 | 000,022,195 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\My Documents\rynryn100.vcf
[2012/12/02 17:50:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/12/02 17:45:52 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/12/02 17:45:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/12/01 22:56:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/12/01 22:14:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/12/01 22:14:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/11/30 01:14:09 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Desktop\Shortcut to gs.exe.lnk
[2012/11/28 20:18:05 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\DDR - Memory Card Recovery.lnk
[2012/11/28 09:20:17 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\DDR - Memory Card Recovery(Demo).lnk
[2012/11/27 23:10:29 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\RPSTD2011.lic
[2012/11/27 12:46:06 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012/11/27 12:42:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2012/11/26 11:09:27 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2012/11/21 22:33:51 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ravids.lnk
[2012/11/21 10:00:20 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/11/21 10:00:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2012/11/17 20:16:58 | 000,022,152 | ---- | C] () -- C:\WINDOWS\System32\driver-flasher-3.5.exe
[2012/11/17 13:58:13 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Start Menu\Programs\Startup\KnowledgePulse.lnk
[2012/11/15 09:29:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/09 09:01:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2012/11/09 08:39:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/11/07 12:51:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/11/07 10:35:02 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/11/06 23:06:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2012/11/06 13:50:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/05 22:07:04 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/05 22:07:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/11/05 22:06:59 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/11/05 22:06:59 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/05 22:06:57 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/11/05 22:02:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/11/05 21:11:44 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Lenono-Y\Local Settings\Application Data\fusioncache.dat
[2012/11/05 21:10:38 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/11/05 21:07:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2012/11/05 21:07:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2012/11/05 21:05:23 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2012/11/05 20:53:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/11/05 20:52:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2012/11/05 20:52:44 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2012/11/05 20:52:14 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2012/11/05 20:44:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2012/11/05 20:41:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/11/05 20:41:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/11/05 20:41:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/11/05 20:41:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/11/05 20:41:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/11/05 20:41:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/11/05 20:41:06 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2012/11/05 20:40:39 | 000,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/11/05 20:28:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2012/11/05 20:27:47 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2012/11/05 20:26:08 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2012/11/05 20:25:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2012/11/05 20:07:08 | 002,872,000 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2012/11/05 20:07:07 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2012/11/05 20:07:06 | 000,010,200 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys

========== ZeroAccess Check ==========

[2012/11/05 20:20:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/05 20:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2012/12/04 14:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2012/11/25 16:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/11/07 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/21 10:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Edimax Driver
[2012/12/07 04:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/12/01 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/12/04 23:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/11/05 20:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/12/01 21:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/12/01 22:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/11/09 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/12/02 17:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/11/28 17:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/04 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2012/12/07 08:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/11/05 20:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
[2012/12/04 14:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2012/11/16 20:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\ActionVoip
[2012/11/05 20:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\IBM
[2012/11/09 15:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\ICQ
[2012/11/09 10:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\InterVoip
[2012/11/07 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\IObit
[2012/11/07 13:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\JustVoip
[2012/11/17 14:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\KnowledgePulse
[2012/11/06 08:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\Leadertech
[2012/12/02 13:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\Lenovo
[2012/12/01 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\Nokia
[2012/12/01 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\PC Suite
[2012/12/02 17:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\pdf995
[2012/11/07 13:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\Rynga
[2012/12/04 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\ThinkVantage
[2012/11/09 09:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\VoipBuster
[2012/12/03 12:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\VoipConnect
[2012/11/06 16:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenono-Y\Application Data\Windows Search
[2012/11/05 20:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >

< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES  >
[2004/08/04 15:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._  >
[2004/08/04 15:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DLL  >
[2009/10/23 19:38:56 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll

< MD5 for: SERVICES.EX_  >
[2004/08/04 15:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE  >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 15:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.EXE.MUI  >
[2001/10/20 07:56:00 | 000,003,584 | ---- | M] (?????????? ??????????) MD5=93EEE9D234A2F64B82E3C1A8D1722CF8 -- C:\WINDOWS\mui\FALLBACK\0419\services.exe.mui
[2001/08/23 07:42:38 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=961EE082E81DDA07A50A99C8565610BF -- C:\WINDOWS\mui\FALLBACK\040D\services.exe.mui

< MD5 for: SERVICES.LNK  >
[2012/11/09 10:47:58 | 000,001,613 | ---- | M] () MD5=62E5D3FC0B47EDF22BB6ED6B5A4D01F7 -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Administrative Tools\Services.lnk
[2012/11/09 10:47:58 | 000,001,613 | ---- | M] () MD5=62E5D3FC0B47EDF22BB6ED6B5A4D01F7 -- C:\Documents and Settings\Lenono-Y\Desktop\Programs\Accessories\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_  >
[2004/08/04 15:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC  >
[2004/08/04 15:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE  >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE  >
[2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2004/08/04 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC

< End of report >
0

The avast doesn't find the error with the fix you gave me

0

I ran the Kaspersky on my laptop using a computer of a friend:

Detailed report
Problems found
System protection (0)
Malware (0)
Vulnerabilities (3)
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\msxml4.dll
Other issues (11)
"Process termination timeout is out of admissible values"
"Service termination timeout is out of admissible values"
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Microsoft Internet Explorer: start page reset"

0

Sorry, Tori.. the weekend got in the way... :)
Lenono-Y ... :)
I must ask - did you deliberately install AMMYY [remote desktop control software]?
You have components of Norton/Symantec AV still on your machine... I suggest you get the correct cleaning tool from https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&product=home&pvid=f-home&version=1&lg=en&ct=us and run it after this.
Start OTL, and in Custom Scans/Fixes paste this in, then press Run Fix button, post the log:

DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT151685
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enIL509
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC

Next, please download Farbar Service Scanner from http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
Dclick FSS.exe to start it, ensure all boxes except Windows Defender are checked and press Scan. Post the log.
Because you have network issues, you may as well run this...
==Download TDSSkiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
=Start TDSSKiller, click Change Parameters. Under Additional options check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK.
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from C:.

0

Dear Gerbil, Thank you for caring,

About AMMYY, I installed it once, since I needed assistance with new hardware. Does it do any harm at the moment?

I ran the Norton uninstaller.

I've tried to run fix OTL with the instruction you gave me with the custom scan/fixes, but the log I got is here:

Error: Unable to interpret <DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found> in the current context!
Error: Unable to interpret <IE - HKLM..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}> in the current context!
Error: Unable to interpret <IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}> in the current context!
Error: Unable to interpret <IE - HKLM..\SearchScopes{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT151685> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\SearchScopes{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enIL509> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PCDrProfiler] File not found> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12102012_145239

So I've stopped at this point and would like to ask for your instructions.

Thanks

0

I attach here a pic of my c:\ ; there are three non-accessible folders, and I don't know what they are or where they came from:

minint
preboot
RRbackups

When checking their properties, it shows that they all have a size of 0.
What are these folders? Do I have to keep them?

I would also like to ask, please, about the System Volume Information folder: its size is more than 9 gig. Is this what you meant about too many restoration files? Can I delete it?

I can see also this folder in the second partition of the disc, but there, its size is 0.

Thank you

Edited by tori

Attachments C.JPG 136.32 KB
0

That was my mistake, Tori.... while cutting and pasting I managed to drop a header from the fix. This will run - paste it into Custom Scans/Fixes as before, press Run Fix.

:OTL
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes,DefaultScope = {DFED8F93-399D-4F29-B581-A28912DA3057}
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT151685
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enIL509
IE - HKU\S-1-5-21-3938136012-1047769790-43693901-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC
:Commands
[emptytemp]

And then do these things:
== please download Farbar Service Scanner from http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
Dclick FSS.exe to start it, ensure all boxes except Windows Defender are checked and press Scan. Post the log.
Because you have network issues, you may as well run this...
==Download TDSSkiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
=Start TDSSKiller, click Change Parameters. Under Additional options check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK.
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from C:.

AMMYY - it's fine if you know about it; uninstall if you no longer require it.
Formatting C: It is very time consuming, you have a lot of software installed, personal settings, there are many security downloads to take. I prefer to take a clean, working system and image the partition regularly to a removable drive... takes about 5 minutes.
The 3, hidden C:\ folders miniNT, Preboot and RRbackups are all to do with the Rescue and Recovery software installed by Lenovo. Think of them as being another restore point system. Instead of what I suggested before, if ever you wish to reclaim some space, and your system is working fine, you can enter the Lenovo toolbox and remove the RRbackups restore points from there.
Separately the Microsoft Backup and Restore points are contained in the hidden System Volume Information. There is rarely any need to actually gain direct access to this folder, its information is used instead by utilising Backup and Restore points.
Those 4 folders [and others] are hidden to minimise risk to them and the health of your system. When you are finished with fixes and all is good, I suggest you check that box Hide Protected Op Sys Files in explorer/View tab. Most super hidden folders, files you rarely need to access.
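The first fix in this thread failed with "Unable to interpret ... in the current context" because its lines had no section header above them. The following check is an added example, not part of the original posts and not OTL's own code; it lints a fix script for that mistake before it is handed to a user. The generic `:Name` header pattern and the rule that `:Commands` entries sit in square brackets are assumptions inferred from the working fix shown above.

```python
import re

# Constructed samples: three directive lines copied from the fix in this thread,
# once without the section header (the failing paste) and once with it.
DIRECTIVES = r"""O4 - HKLM..\Run: [PCDrProfiler]  File not found
O18 - Protocol\Handler\ipp - No CLSID value found
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC"""

FIX_WITHOUT_HEADER = DIRECTIVES + "\n"
FIX_WITH_HEADER = ":OTL\n" + DIRECTIVES + "\n:Commands\n[emptytemp]\n"

# Assumption: a section header is a colon followed by a single word, as in
# the ":OTL" and ":Commands" lines of the working fix.
SECTION_RE = re.compile(r"^:([A-Za-z]+)$")
# Assumption: entries under :Commands are bracketed, as in "[emptytemp]".
COMMAND_RE = re.compile(r"^\[[^\[\]]+\]$")


def parse_fix(text):
    """Split a fix script into sections and report lines that have no context.

    Returns (sections, problems):
      sections - dict mapping lower-cased section name to its directive lines
      problems - list of (line_number, reason, line) tuples
    """
    sections = {}
    problems = []
    current = None  # no section seen yet

    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue

        if current is None:
            # This is the situation behind the "Unable to interpret" errors.
            problems.append((number, "no section header above this line", line))
            continue

        if current == "commands" and not COMMAND_RE.match(line):
            problems.append((number, "command is not in [brackets]", line))
            continue

        sections[current].append(line)

    return sections, problems


if __name__ == "__main__":
    for name, script in (("without header", FIX_WITHOUT_HEADER),
                         ("with header", FIX_WITH_HEADER)):
        sections, problems = parse_fix(script)
        print(f"{name}: {len(problems)} problem(s), "
              f"sections={ {k: len(v) for k, v in sections.items()} }")
        for number, reason, line in problems:
            print(f"  line {number}: {reason}: {line[:60]}")
```
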

0

I'm trying to post it again and again, but I get a msg : "The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces."

0
All processes killed
========== OTL ==========
Error: No service named SYMIDSCO was found to stop!
Service\Driver key SYMIDSCO not found.
File  C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFED8F93-399D-4F29-B581-A28912DA3057}\ not found.
HKEY_USERS\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DFED8F93-399D-4F29-B581-A28912DA3057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFED8F93-399D-4F29-B581-A28912DA3057}\ not found.
Registry key HKEY_USERS\S-1-5-21-3938136012-1047769790-43693901-1005\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lenono-Y
->Temp folder emptied: 31783340 bytes
->Temporary Internet Files folder emptied: 153283 bytes
->Google Chrome cache emptied: 7379787 bytes
->Flash cache emptied: 989 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 115200 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1473 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12112012_104657

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-2420.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
0
Farbar Service Scanner Version: 07-12-2012
Ran by Lenono-Y (administrator) on 11-12-2012 at 11:00:47
Running from "C:\Documents and Settings\Lenono-Y\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) aswTdi(11) Gpc(6) IPSec(4) irda(8) NetBT(5) PSched(7) s24trans(9) Tcpip(3) VMnetBridge(12) 
0x0C000000040000000100000002000000030000000B00000005000000060000000700000008000000090000000A0000000C000000
IpSec Tag value is correct.

**** End of log ****
0
11:03:49.0203 3944  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:03:49.0531 3944  ============================================================
11:03:49.0531 3944  Current date / time: 2012/12/11 11:03:49.0531
11:03:49.0531 3944  SystemInfo:
11:03:49.0531 3944  
11:03:49.0531 3944  OS Version: 5.1.2600 ServicePack: 3.0
11:03:49.0531 3944  Product type: Workstation
11:03:49.0531 3944  ComputerName: LENOVO-3FDFF327
11:03:49.0531 3944  UserName: Lenono-Y
11:03:49.0531 3944  Windows directory: C:\WINDOWS
11:03:49.0531 3944  System windows directory: C:\WINDOWS
11:03:49.0531 3944  Processor architecture: Intel x86
11:03:49.0531 3944  Number of processors: 2
11:03:49.0531 3944  Page size: 0x1000
11:03:49.0531 3944  Boot type: Normal boot
11:03:49.0531 3944  ============================================================
11:03:52.0296 3944  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:03:52.0296 3944  ============================================================
11:03:52.0296 3944  \Device\Harddisk0\DR0:
11:03:52.0296 3944  MBR partitions:
11:03:52.0296 3944  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x126976A1
11:03:52.0312 3944  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1269771F, BlocksNum 0x1AA50691
11:03:52.0343 3944  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2D0E7DEF, BlocksNum 0xC867261
11:03:52.0343 3944  ============================================================
11:03:52.0375 3944  C: <-> \Device\Harddisk0\DR0\Partition1
11:03:52.0421 3944  E: <-> \Device\Harddisk0\DR0\Partition2
11:03:52.0421 3944  ============================================================
11:03:52.0421 3944  Initialize success
11:03:52.0421 3944  ============================================================
11:05:10.0468 2004  ============================================================
11:05:10.0468 2004  Scan started
11:05:10.0468 2004  Mode: Manual; SigCheck; TDLFS; 
11:05:10.0468 2004  ============================================================
11:05:11.0984 2004  ================ Scan system memory ========================
11:05:11.0984 2004  System memory - ok
11:05:11.0984 2004  ================ Scan services =============================
11:05:12.0140 2004  [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
11:05:12.0328 2004  Aavmker4 - ok
11:05:12.0328 2004  Abiosdsk - ok
11:05:12.0343 2004  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:05:13.0203 2004  abp480n5 - ok
11:05:13.0250 2004  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
11:05:13.0406 2004  ac97intc - ok
11:05:13.0453 2004  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:05:13.0593 2004  ACPI - ok
11:05:13.0609 2004  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:05:13.0718 2004  ACPIEC - ok
11:05:13.0859 2004  [ C146F28401B7139369CD33F2CDD6E552 ] AcPrfMgrSvc     C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:05:13.0859 2004  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:05:13.0859 2004  AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:05:13.0875 2004  [ D04906894E446415FB96516FEA348A27 ] AcSvc           C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
11:05:13.0906 2004  AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:05:13.0906 2004  AcSvc - detected UnsignedFile.Multi.Generic (1)
11:05:13.0937 2004  [ B7C4F2A40B7D2289EB944FFF30F385FF ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:05:13.0984 2004  ADIHdAudAddService - ok
11:05:14.0046 2004  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:05:14.0171 2004  adpu160m - ok
11:05:14.0250 2004  [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
11:05:14.0281 2004  AdvancedSystemCareService6 - ok
11:05:14.0343 2004  [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService  C:\WINDOWS\system32\drivers\AEAudio.sys
11:05:14.0375 2004  AEAudioService - ok
11:05:14.0437 2004  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:05:14.0578 2004  aec - ok
11:05:14.0609 2004  [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:05:14.0609 2004  AegisP ( UnsignedFile.Multi.Generic ) - warning
11:05:14.0609 2004  AegisP - detected UnsignedFile.Multi.Generic (1)
11:05:14.0656 2004  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:05:14.0687 2004  AFD - ok
11:05:14.0703 2004  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
11:05:14.0843 2004  agp440 - ok
11:05:14.0859 2004  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:05:15.0000 2004  agpCPQ - ok
11:05:15.0015 2004  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:05:15.0078 2004  Aha154x - ok
11:05:15.0093 2004  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:05:15.0234 2004  aic78u2 - ok
11:05:15.0296 2004  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:05:15.0421 2004  aic78xx - ok
11:05:15.0453 2004  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:05:15.0578 2004  Alerter - ok
11:05:15.0609 2004  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
11:05:15.0765 2004  ALG - ok
11:05:15.0812 2004  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
11:05:15.0921 2004  AliIde - ok
11:05:15.0953 2004  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:05:16.0078 2004  alim1541 - ok
11:05:16.0093 2004  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:05:16.0203 2004  amdagp - ok
11:05:16.0218 2004  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
11:05:16.0281 2004  amsint - ok
11:05:16.0328 2004  [ 11AB185A7AF224800BBFB5B836974A17 ] ANC             C:\WINDOWS\system32\drivers\ANC.SYS
11:05:16.0328 2004  ANC ( UnsignedFile.Multi.Generic ) - warning
11:05:16.0328 2004  ANC - detected UnsignedFile.Multi.Generic (1)
11:05:16.0359 2004  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:05:16.0484 2004  AppMgmt - ok
11:05:16.0515 2004  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
11:05:16.0625 2004  asc - ok
11:05:16.0640 2004  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:05:16.0703 2004  asc3350p - ok
11:05:16.0703 2004  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:05:16.0828 2004  asc3550 - ok
11:05:16.0937 2004  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:05:16.0953 2004  aspnet_state - ok
11:05:16.0984 2004  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
11:05:17.0000 2004  aswFsBlk - ok
11:05:17.0015 2004  [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
11:05:17.0031 2004  aswMon2 - ok
11:05:17.0078 2004  [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
11:05:17.0093 2004  AswRdr - ok
11:05:17.0140 2004  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
11:05:17.0187 2004  aswSnx - ok
11:05:17.0203 2004  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
11:05:17.0234 2004  aswSP - ok
11:05:17.0296 2004  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
11:05:17.0328 2004  aswTdi - ok
11:05:17.0359 2004  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:05:17.0500 2004  AsyncMac - ok
11:05:17.0531 2004  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:05:17.0671 2004  atapi - ok
11:05:17.0671 2004  Atdisk - ok
11:05:17.0687 2004  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:05:17.0828 2004  Atmarpc - ok
11:05:17.0843 2004  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
11:05:17.0875 2004  atmeltpm - ok
11:05:17.0906 2004  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:05:18.0046 2004  AudioSrv - ok
11:05:18.0078 2004  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:05:18.0218 2004  audstub - ok
11:05:18.0296 2004  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:05:18.0328 2004  avast! Antivirus - ok
11:05:18.0375 2004  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:05:18.0515 2004  Beep - ok
11:05:47.0296 2004  ShellHWDetection - ok
11:05:47.0359 2004  [ DA9E304518531DE07E56507DF91BAABC ] Shockprf        C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:05:47.0375 2004  Shockprf - ok
11:05:47.0390 2004  Simbad - ok
11:05:47.0421 2004  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:05:47.0546 2004  sisagp - ok
11:05:47.0562 2004  [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint         C:\WINDOWS\system32\drivers\Smapint.sys
11:05:47.0562 2004  Smapint ( UnsignedFile.Multi.Generic ) - warning
11:05:47.0562 2004  Smapint - detected UnsignedFile.Multi.Generic (1)
11:05:47.0593 2004  [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
11:05:47.0609 2004  SmartDefragDriver - ok
11:05:47.0656 2004  [ 3C4A61CCB2CF32ED6E09F559B4ADB6CF ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:05:47.0687 2004  smihlp - ok
11:05:47.0718 2004  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:05:47.0781 2004  Sparrow - ok
11:05:47.0796 2004  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:05:47.0937 2004  splitter - ok
11:05:47.0984 2004  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:05:48.0015 2004  Spooler - ok
11:05:48.0046 2004  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:05:48.0156 2004  sr - ok
11:05:48.0234 2004  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:05:48.0375 2004  srservice - ok
11:05:48.0406 2004  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:05:48.0437 2004  Srv - ok
11:05:48.0484 2004  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:05:48.0640 2004  SSDPSRV - ok
11:05:48.0671 2004  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:05:48.0796 2004  stisvc - ok
11:05:48.0843 2004  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:05:48.0968 2004  swenum - ok
11:05:48.0984 2004  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:05:49.0109 2004  swmidi - ok
11:05:49.0125 2004  SwPrv - ok
11:05:49.0156 2004  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
11:05:49.0296 2004  symc810 - ok
11:05:49.0343 2004  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:05:49.0484 2004  symc8xx - ok
11:05:49.0531 2004  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:05:49.0671 2004  sym_hi - ok
11:05:49.0703 2004  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:05:49.0843 2004  sym_u3 - ok
11:05:49.0859 2004  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:05:49.0890 2004  SynTP - ok
11:05:49.0968 2004  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:05:50.0078 2004  sysaudio - ok
11:05:50.0125 2004  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:05:50.0250 2004  SysmonLog - ok
11:05:50.0312 2004  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:05:50.0484 2004  TapiSrv - ok
11:05:50.0515 2004  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:05:50.0531 2004  Tcpip - ok
11:05:50.0593 2004  [ 8AD9B543758DAC2CB2A6940FDBFD5468 ] TcUsb           C:\WINDOWS\system32\Drivers\tcusb.sys
11:05:50.0609 2004  TcUsb - ok
11:05:50.0625 2004  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:05:50.0750 2004  TDPIPE - ok
11:05:50.0765 2004  [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI         C:\WINDOWS\system32\drivers\TDSMAPI.SYS
11:05:50.0781 2004  TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
11:05:50.0781 2004  TDSMAPI - detected UnsignedFile.Multi.Generic (1)
11:05:50.0796 2004  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:05:50.0937 2004  TDTCP - ok
11:05:50.0953 2004  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:05:51.0093 2004  TermDD - ok
11:05:51.0125 2004  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:05:51.0265 2004  TermService - ok
11:05:51.0296 2004  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:05:51.0328 2004  Themes - ok
11:05:51.0406 2004  [ 5E001A6D6263A6C7C25B50E2CBE614E7 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:05:51.0453 2004  ThinkVantage Registry Monitor Service - ok
11:05:51.0515 2004  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:05:51.0656 2004  TlntSvr - ok
11:05:51.0687 2004  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
11:05:51.0812 2004  TosIde - ok
11:05:51.0843 2004  [ 4A6E82C67FC4C48ED3F977D8FEC0A2FA ] TPDIGIMN        C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:05:51.0859 2004  TPDIGIMN - ok
11:05:51.0906 2004  [ 72FD0751CE836CAFA444BBBD366645DD ] TPHDEXLGSVC     C:\WINDOWS\system32\TPHDEXLG.exe
11:05:51.0937 2004  TPHDEXLGSVC - ok
11:05:51.0953 2004  [ 29F3601D4233A53F819010FEE8C04A60 ] TPHKDRV         C:\WINDOWS\system32\drivers\TPHKDRV.sys
11:05:51.0953 2004  TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
11:05:51.0953 2004  TPHKDRV - detected UnsignedFile.Multi.Generic (1)
11:05:52.0000 2004  [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC        C:\WINDOWS\system32\TpKmpSVC.exe
11:05:52.0015 2004  TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0015 2004  TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
11:05:52.0046 2004  [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwrif.sys
11:05:52.0062 2004  TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0062 2004  TPPWRIF - detected UnsignedFile.Multi.Generic (1)
11:05:52.0093 2004  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:05:52.0234 2004  TrkWks - ok
11:05:52.0328 2004  [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP         C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:05:52.0328 2004  TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0328 2004  TSMAPIP - detected UnsignedFile.Multi.Generic (1)
11:05:52.0406 2004  [ C874A8E5619DAA27D60BCA80C6E5E5E6 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
11:05:52.0515 2004  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0515 2004  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
11:05:52.0578 2004  [ 2E2DDDD129C1151F95640CFC4FE47660 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
11:05:52.0687 2004  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0687 2004  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
11:05:52.0765 2004  [ C6670A6610B24E18115F00D9E1CF4644 ] TVT Scheduler   C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
11:05:52.0859 2004  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:05:52.0859 2004  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:05:52.0890 2004  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter       C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:05:52.0906 2004  tvtfilter - ok
11:05:52.0937 2004  [ 7E66DDA1EF146BFC3A6E36E08E036602 ] TVTI2C          C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:05:52.0953 2004  TVTI2C - ok
11:05:52.0984 2004  [ 7541BD8978AA1447FC2467C1F2B39B87 ] UCLauncherService C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
11:05:53.0000 2004  UCLauncherService ( UnsignedFile.Multi.Generic ) - warning
11:05:53.0000 2004  UCLauncherService - detected UnsignedFile.Multi.Generic (1)
11:05:53.0031 2004  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:05:53.0171 2004  Udfs - ok
11:05:53.0218 2004  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
11:05:53.0296 2004  ultra - ok
11:05:53.0312 2004  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:05:53.0437 2004  Update - ok
11:05:53.0453 2004  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:05:53.0578 2004  upnphost - ok
11:05:53.0593 2004  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
11:05:53.0671 2004  upperdev - ok
11:05:53.0703 2004  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:05:53.0843 2004  UPS - ok
11:05:53.0859 2004  [ CB41CD653916362CA5ECD242382A156E ] UrlFilter       C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
11:05:53.0875 2004  UrlFilter - ok
11:05:53.0906 2004  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:05:54.0046 2004  usbehci - ok
11:05:54.0093 2004  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:05:54.0218 2004  usbhub - ok
11:05:54.0265 2004  [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
11:05:54.0390 2004  usbser - ok
11:05:54.0421 2004  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
11:05:54.0515 2004  UsbserFilt - ok
11:05:54.0546 2004  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:05:54.0671 2004  USBSTOR - ok
11:05:54.0671 2004  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:05:54.0796 2004  usbuhci - ok
11:05:54.0812 2004  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:05:54.0937 2004  VgaSave - ok
11:05:54.0984 2004  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:05:55.0109 2004  viaagp - ok
11:05:55.0140 2004  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:05:55.0265 2004  ViaIde - ok
11:05:55.0375 2004  [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
11:05:55.0390 2004  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
11:05:55.0390 2004  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
11:05:55.0421 2004  [ 753BD0240B6586ABA0D67A70B3EF44A0 ] vmci            C:\WINDOWS\system32\DRIVERS\vmci.sys
11:05:55.0437 2004  vmci - ok
11:05:55.0468 2004  [ 840EC98AD70C09F87E2F624320B9C3A3 ] vmkbd           C:\WINDOWS\system32\drivers\VMkbd.sys
11:05:55.0500 2004  vmkbd - ok
11:05:55.0500 2004  [ A267D2321ED281359D301BFEB8202652 ] VMnetAdapter    C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
11:05:55.0531 2004  VMnetAdapter - ok
11:05:55.0546 2004  [ A4146B5147AA2CD0C384EDBA3FF3E9DF ] VMnetBridge     C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
11:05:55.0562 2004  VMnetBridge - ok
11:05:55.0578 2004  [ 24521D99BF36F190BA10BB2BFDB17682 ] VMnetDHCP       C:\WINDOWS\system32\vmnetdhcp.exe
11:05:55.0625 2004  VMnetDHCP - ok
11:05:55.0656 2004  [ 4214CE8AC6E4E2667E71B9A5E973D590 ] VMnetuserif     C:\WINDOWS\system32\drivers\vmnetuserif.sys
11:05:55.0671 2004  VMnetuserif - ok
11:05:55.0750 2004  [ 90B4CC5C515B52796E26F72F3EEAF643 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
11:05:55.0781 2004  VMUSBArbService - ok
11:05:55.0812 2004  [ 709B9008BCC9E0375D0A45B08F4C48ED ] VMware NAT Service C:\WINDOWS\system32\vmnat.exe
11:05:55.0843 2004  VMware NAT Service - ok
11:05:55.0875 2004  [ 6B649BAAF488C8505C613A1159A8D05C ] vmx86           C:\WINDOWS\system32\Drivers\vmx86.sys
11:05:55.0890 2004  vmx86 - ok
11:05:55.0921 2004  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:05:56.0062 2004  VolSnap - ok
11:05:56.0062 2004  [ 4B1B677FC0338C85E1C30BD6F1BFD584 ] vsock           C:\WINDOWS\system32\drivers\vsock.sys
11:05:56.0078 2004  vsock - ok
11:05:56.0109 2004  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:05:56.0250 2004  VSS - ok
11:05:56.0281 2004  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:05:56.0421 2004  W32Time - ok
11:05:56.0468 2004  [ 73395A19FC86461A151D3C330604E8B3 ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
11:05:56.0625 2004  w39n51 - ok
11:05:56.0640 2004  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:05:56.0781 2004  Wanarp - ok
11:05:56.0796 2004  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
11:05:56.0843 2004  Wdf01000 - ok
11:05:56.0843 2004  WDICA - ok
11:05:56.0859 2004  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:05:56.0984 2004  wdmaud - ok
11:05:57.0015 2004  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:05:57.0156 2004  WebClient - ok
11:05:57.0218 2004  [ 307D248F97835B6879BDD361086924FE ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:05:57.0265 2004  winachsf - ok
11:05:57.0343 2004  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:05:57.0468 2004  winmgmt - ok
11:05:57.0531 2004  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:05:57.0640 2004  WinRM - ok
11:05:57.0750 2004  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:05:57.0765 2004  WmdmPmSN - ok
11:05:57.0796 2004  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:05:57.0859 2004  Wmi - ok
11:05:57.0937 2004  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:05:58.0046 2004  WmiApSrv - ok
11:05:58.0140 2004  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
11:05:58.0171 2004  WMPNetworkSvc - ok
11:05:58.0234 2004  WPFFontCache_v0400 - ok
11:05:58.0250 2004  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:05:58.0390 2004  WS2IFSL - ok
11:05:58.0421 2004  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:05:58.0546 2004  wscsvc - ok
11:05:58.0562 2004  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:05:58.0687 2004  wuauserv - ok
11:05:58.0734 2004  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:05:58.0781 2004  WudfPf - ok
11:05:58.0796 2004  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:05:58.0828 2004  WudfSvc - ok
11:05:58.0875 2004  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:05:59.0078 2004  WZCSVC - ok
11:05:59.0109 2004  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:05:59.0265 2004  xmlprov - ok
11:05:59.0281 2004  ================ Scan global ===============================
11:05:59.0312 2004  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:05:59.0343 2004  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:05:59.0359 2004  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:05:59.0390 2004  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:05:59.0390 2004  [Global] - ok
11:05:59.0390 2004  ================ Scan MBR ==================================
11:05:59.0421 2004  [ A6EFD5A992264C299430F3A023007631 ] \Device\Harddisk0\DR0
11:05:59.0781 2004  \Device\Harddisk0\DR0 - ok
11:05:59.0781 2004  ================ Scan VBR ==================================
11:05:59.0781 2004  [ 0482239FA83DE239F66A0B457CD078DE ] \Device\Harddisk0\DR0\Partition1
11:05:59.0781 2004  \Device\Harddisk0\DR0\Partition1 - ok
11:05:59.0796 2004  [ 48868134970E2D6DC19C8DD3D4FA93ED ] \Device\Harddisk0\DR0\Partition2
11:05:59.0796 2004  \Device\Harddisk0\DR0\Partition2 - ok
11:05:59.0812 2004  [ A61CFCDAA8C55563A3A76CC288DC1178 ] \Device\Harddisk0\DR0\Partition3
11:05:59.0812 2004  \Device\Harddisk0\DR0\Partition3 - ok
11:05:59.0812 2004  ============================================================
11:05:59.0812 2004  Scan finished
11:05:59.0812 2004  ============================================================
11:05:59.0921 4692  Detected object count: 46
11:05:59.0921 4692  Actual detected object count: 46
11:10:03.0250 4692  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  ANC ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0250 4692  BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0250 4692  BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0265 4692  DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0265 4692  DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0281 4692  DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0281 4692  DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  imagedrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  imagedrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  imagesrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  imagesrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0296 4692  IPSSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0296 4692  IPSSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0312 4692  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0312 4692  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0328 4692  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0328 4692  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0343 4692  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0343 4692  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0343 4692  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0343 4692  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0343 4692  UCLauncherService ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0343 4692  UCLauncherService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:03.0343 4692  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
11:10:03.0343 4692  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:10:26.0312 2596  Deinitialize success
0

Tori, those logs are satisfactory, except for the No Connection status in FSS. Your software appears ok in that regard. To investigate further, please open a cmd window [Start, Run, enter cmd], and enter...
ipconfig /all
If some entries such as IP Address, Default Gateway, DHCP/DNS servers are blank, then is your router set to broadcast its SSID? What happens when you try to search for / establish a connection? Signal strength?
Post the content of that cmd window [cursor to top margin, rclick, choose Edit > Select all; again to Edit > Copy, then paste into a notepad].

The code detection system here looks for more than two consecutive spaces in a post; if it finds them, it forces you to code snippet posting. I write in a notepad, then use Select All [ctrl-A] to pick up consecutive spaces, and remove them. And sometimes, it seems, the site formatter removes them. Beats me, too... :)

Edited by gerbil

0

Gerbil,
It was not possible to copy and paste the cmd, so I attach here a pic.
The SSID is visible. The signal is very strong according to the mobile phone (it has wifi).
The laptop doesn't recognize a signal from any network.

Attachments ipconfig.JPG 76.55 KB