
win 32 malware-gen [Solved]


This topic is locked
12 replies to this topic

#1 cdoo

New Member (Authentic Member, 6 posts)

Posted 01 June 2012 - 03:16 PM

netsvcs
drivers32
%SYSTEMDRIVE%*.*
%systemroot%Fonts*.com
%systemroot%Fonts*.dll
%systemroot%Fonts*.ini
%systemroot%Fonts*.ini2
%systemroot%Fonts*.exe
%systemroot%system32spoolprtprocsw32x86*.*
%systemroot%REPAIR*.bak1
%systemroot%REPAIR*.ini
%systemroot%system32*.jpg
%systemroot%*.jpg
%systemroot%*.png
%systemroot%*.scr
%systemroot%*._sy
%APPDATA%AdobeUpdate*.*
%ALLUSERSPROFILE%Favorites*.*
%APPDATA%Microsoft*.*
%PROGRAMFILES%*.*
%APPDATA%Update*.*
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%System32config*.sav
%PROGRAMFILES%bak. /s
%systemroot%system32bak. /s
%ALLUSERSPROFILE%Start Menu*.lnk /x
%systemroot%system32configsystemprofile*.dat /x
%systemroot%*.config
%systemroot%system32*.db
%PROGRAMFILES%Internet Explorer*.dat
%APPDATA%MicrosoftInternet ExplorerQuick Launch*.lnk /x
%USERPROFILE%Desktop*.exe
%PROGRAMFILES%Common Files*.*
%systemroot%*.src
%systemroot%install*.*
%systemroot%system32DLL*.*
%systemroot%system32HelpFiles*.*
%systemroot%system32rundll*.*
%systemroot%winn32*.*
%systemroot%Java*.*
%systemroot%system32test*.*
%systemroot%system32Rundll32*.*
%systemroot%AppPatchCustom*.*
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs

OTL logfile created on: 6/1/2012 5:38:29 PM - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:UserscdooDownloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 45.03% Memory free
7.83 Gb Paging File | 5.72 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 654.69 Gb Total Space | 270.55 Gb Free Space | 41.32% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.41 Gb Free Space | 91.06% Space Free | Partition Type: NTFS
Drive F: | 702.82 Mb Total Space | 497.21 Mb Free Space | 70.75% Space Free | Partition Type: UDF

Computer Name: CDOO-PC | User Name: cdoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:UserscdooDownloadsOTL(1).exe (OldTimer Tools)
PRC - C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)
PRC - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)
PRC - C:Program FilesAVAST SoftwareAvastAvastUI.exe (AVAST Software)
PRC - C:Program FilesAVAST SoftwareAvastAvastSvc.exe (AVAST Software)
PRC - C:UserscdooAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (Microsoft Corporation)
PRC - C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (Microsoft Corporation)
PRC - C:Program Files (x86)LenovoOnekey TheaterOnekeySupport.exe ()
PRC - C:Program Files (x86)LenovoVeriFacePManage.exe (Lenovo)
PRC - C:Program Files (x86)OpenOffice.org 3programsoffice.exe (OpenOffice.org)
PRC - C:Program Files (x86)OpenOffice.org 3programsoffice.bin (OpenOffice.org)
PRC - C:Program Files (x86)DDNiOasis2Service 1.0Oasis2Service.exe ()
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe (Intel Corporation)
PRC - C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe (Intel Corporation)
PRC - C:Program Files (x86)LenovoYouCamYCMMirage.exe (CyberLink)
PRC - C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)
PRC - C:Program Files (x86)USB Camera2VM332_STI.EXE (Vimicro)


========== Modules (No Company Name) ==========

MOD - C:WindowsSysWOW64MacromedFlashNPSWF32_11_2_202_235.dll ()
MOD - C:Program Files (x86)Mozilla Firefoxmozjs.dll ()
MOD - C:Program FilesAVAST SoftwareAvastaswOtl.dll ()
MOD - C:Program Files (x86)OpenOffice.org 3programlibxml2.dll ()
MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll ()
MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll ()
MOD - C:Program Files (x86)LenovoOnekey TheaterOnekeySupport.exe ()
MOD - C:Program Files (x86)LenovoVeriFaceChooseLang.dll ()
MOD - C:Program Files (x86)LenovoOnekey TheaterWindowsApiHookDll32.dll ()
MOD - C:Program Files (x86)LenovoOnekey TheaterActiveDetect32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe (AVAST Software)
SRV:64bit: - (Mcx2Svc) -- C:WindowsSysNativeMcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:Program FilesIntelWiFibinEvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:Program FilesIntelWiFibinPanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel® -- C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe (Intel® Corporation)
SRV:64bit: - (RtLedService) -- C:Program FilesRealtekRtLEDRtLEDService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:WindowsSysNativemprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:WindowsSysNativeipnathlp.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe (Microsoft Corporation)
SRV - (Oasis2Service) -- C:Program Files (x86)DDNiOasis2Service 1.0Oasis2Service.exe ()
SRV - (UNS) Intel® -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:Program Files (x86)HPDigital ImagingbinHPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:WindowsSysWOW64mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:windowsSysNativedriversaswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:windowsSysNativedriversaswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:WindowsSysNativedriversaswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:windowsSysNativedriversaswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:WindowsSysNativedriversaswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:windowsSysNativedriversaswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:windowsSysNativedriversfs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:WindowsSysNativedriversSftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:WindowsSysNativedriversSftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:WindowsSysNativedriversSftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:WindowsSysNativedriversSftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:WindowsSysNativedriversLhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:WindowsSysNativedriversAcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:WindowsSysNativedriversfbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:WindowsSysNativedriversBPntDrv.sys (Lenovo)
DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:WindowsSysNativedriversiaStor.sys (Intel Corporation)
DRV:64bit: - (vm332avs) -- C:WindowsSysNativedriversvm332avs.sys (Vimicro Corporation)
DRV:64bit: - (SynTP) -- C:WindowsSysNativedriversSynTP.sys (Synaptics Incorporated)
DRV:64bit: - (clwvd) -- C:WindowsSysNativedriversclwvd.sys (CyberLink Corporation)
DRV:64bit: - (wdkmd) -- C:WindowsSysNativedriversWDKMD.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:WindowsSysNativedriversrtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:WindowsSysNativedriversTsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:WindowsSysNativedriversNETwNs64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:WindowsSysNativedriversHECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:WindowsSysNativedriversIntcDAud.sys (Intel® Corporation)
DRV:64bit: - (vm2uvcflt) -- C:WindowsSysNativedriversvm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )
DRV:64bit: - (wsvd) -- C:WindowsSysNativedriverswsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:WindowsSysNativedriverscrcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:WindowsSysNativedriversWSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:WindowsSysNativedriversserscan.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:WindowsSysNativedriversws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:WindowsSysNativedriverscdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://lenovo.msn.com
IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.co...r...N&bmod=LENN
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.co...r...N&bmod=LENN
IE - HKCU..SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU..SearchScopes{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...amp;rlz=1I7LENN
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - user.js - File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowsSysWOW64MacromedFlashNPSWF32_11_2_202_235.dll ()
FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()
FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionswrc@avast.com: C:Program FilesAVAST SoftwareAvastWebRepFF [2012/04/23 17:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2011/07/12 08:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 12.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/04/26 06:06:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 12.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins
FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionssmartwebprinting@hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2011/07/12 08:00:11 | 000,000,000 | ---D | M]

[2011/07/09 13:23:42 | 000,000,000 | ---D | M] (No name found) -- C:UserscdooAppDataRoamingMozillaExtensions
[2011/07/09 13:23:42 | 000,000,000 | ---D | M] (No name found) -- C:UserscdooAppDataRoamingMozillaExtensionsexpress@postbox-inc.com
[2012/05/26 06:52:53 | 000,000,000 | ---D | M] (No name found) -- C:UserscdooAppDataRoamingMozillaFirefoxProfilesxibgbrp1.defaultextensions
[2011/09/26 20:24:54 | 000,000,000 | ---D | M] (Disconnect) -- C:UserscdooAppDataRoamingMozillaFirefoxProfilesxibgbrp1.defaultextensionsdisconnect@disconnect.me
[2012/04/25 06:46:04 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions
[2012/05/26 06:48:50 | 000,086,131 | ---- | M] () (No name found) -- C:USERSCDOOAPPDATAROAMINGMOZILLAFIREFOXPROFILESXIBGBRP1.DEFAULTEXTENSIONS{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011/07/08 17:44:34 | 000,058,343 | ---- | M] () (No name found) -- C:USERSCDOOAPPDATAROAMINGMOZILLAFIREFOXPROFILESXIBGBRP1.DEFAULTEXTENSIONS{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2011/07/08 15:21:32 | 000,330,316 | ---- | M] () (No name found) -- C:USERSCDOOAPPDATAROAMINGMOZILLAFIREFOXPROFILESXIBGBRP1.DEFAULTEXTENSIONSPERSONAS@CHRISTOPHER.BEARD.XPI
[2012/05/26 06:48:50 | 000,079,908 | ---- | M] () (No name found) -- C:USERSCDOOAPPDATAROAMINGMOZILLAFIREFOXPROFILESXIBGBRP1.DEFAULTEXTENSIONSPRINTEDIT@DW-DEV.XPI
[2012/04/26 06:06:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll
[2012/04/25 06:45:56 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml
[2012/04/25 06:45:56 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication15.0.874.106gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:windowsSysWOW64MacromedFlashNPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:Program Files (x86)AdobeReader 10.0ReaderBrowsernppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication15.0.874.106ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication15.0.874.106pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.69npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:UserscdooAppDataLocalGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda6.0.1289_0
CHR - Extension: Inside Lane Theme = C:UserscdooAppDataLocalGoogleChromeUser DataDefaultExtensionsphhlfoncoemedejjabkgniaajejikmpd1_0

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:WindowsSysNativedriversetchosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:ProgramDataPartnerPartner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM..Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:Program FilesAVAST SoftwareAvastaswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)
O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..Run: [Energy Management] C:Program Files (x86)LenovoEnergy ManagementEnergy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..Run: [EnergyUtility] C:Program Files (x86)LenovoEnergy Managementutility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..Run: [HotKeysCmds] C:WindowsSysNativehkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [IgfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [IntelWireless] C:Program FilesCommon FilesIntelWirelessCommoniFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..Run: [Lenovo EE Boot Optimizer] C:Program Files (x86)LenovoBoot OptimizerPopWnd.exe (Lenovo)
O4:64bit: - HKLM..Run: [OnekeyStudio] C:Program Files (x86)LenovoOnekey TheaterOnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..Run: [Persistence] C:WindowsSysNativeigfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..Run: [UpdatePRCShortCut] C:Program FilesLenovoOneKey AppOneKey RecoveryMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..Run: [332BigDog] C:Program Files (x86)USB Camera2VM332_STI.EXE (Vimicro)
O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)
O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)
O4 - HKLM..Run: [UpdateP2GShortCut] C:Program Files (x86)LenovoPower2GoMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..Run: [UpdatePRCShortCut] C:Program FilesLenovoOneKey AppOneKey RecoveryMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..Run: [VeriFaceManager] C:Program Files (x86)LenovoVeriFacePManage.exe (Lenovo)
O4 - HKLM..Run: [YouCam Mirage] C:Program Files (x86)LenovoYouCamYCMMirage.exe (CyberLink)
O4 - HKLM..Run: [YouCam Tray] C:Program Files (x86)LenovoYouCamYouCam.exe (CyberLink Corp.)
O4 - HKCU..Run: [DW6] C:Program Files (x86)The Weather Channel FWDesktopDesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:UserscdooAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UserscdooAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)
O4 - Startup: C:UserscdooAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOpenOffice.org 3.3.lnk = C:Program Files (x86)OpenOffice.org 3programquickstart.exe ()
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5Catalog_Entries64\000000000008 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5Catalog_Entries\000000000008 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{D86E90F5-498A-47B0-A21A-2C429DA4A366}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - ProtocolHandlerlivecall - No CLSID value found
O18:64bit: - ProtocolHandlermsdaipp - No CLSID value found
O18:64bit: - ProtocolHandlermsdaipp\0x00000001 - No CLSID value found
O18:64bit: - ProtocolHandlermsdaippoledb - No CLSID value found
O18:64bit: - ProtocolHandlermsnim - No CLSID value found
O18:64bit: - ProtocolHandlermso-offdap11 - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18 - ProtocolHandlermsdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 - ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - ProtocolFiltertext/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:windowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:windowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:windowsSysWow64userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:windowsSysNativeigfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*
O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystemsWindows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:Program Files (x86)LenovoPower2GoCLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:WindowsSysWOW64l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:windowsSysWow64iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 08:31:10 | 000,000,000 | ---D | C] -- C:\Users\cdoo\Documents\Bedford Valley Special_files
[2012/05/16 07:19:19 | 000,000,000 | ---D | C] -- C:\Users\cdoo\AppData\Local\ElevatedDiagnostics
[2012/05/13 05:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 05:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 05:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 05:52:23 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/09 05:52:21 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/09 05:52:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/09 05:52:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/04 20:04:06 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/01 17:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 16:53:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 15:40:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 15:40:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 15:39:45 | 000,727,334 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/01 15:39:45 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/01 15:39:45 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/01 15:37:20 | 000,409,285 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/06/01 15:35:10 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 15:34:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/01 10:26:20 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 08:31:11 | 000,136,448 | ---- | M] () -- C:\Users\cdoo\Documents\Bedford Valley Special.htm
[2012/05/10 19:57:37 | 000,001,133 | ---- | M] () -- C:\Users\cdoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/05/10 18:46:17 | 000,318,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/04 20:04:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 20:04:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 20:04:06 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2012/06/01 08:31:10 | 000,136,448 | ---- | C] () -- C:\Users\cdoo\Documents\Bedford Valley Special.htm
[2011/10/16 13:20:15 | 000,026,018 | ---- | C] () -- C:\Users\cdoo\AppData\Roaming\UserTile.png
[2011/10/15 16:32:28 | 000,206,296 | ---- | C] () -- C:\windows\hpwins28.dat.temp
[2011/10/15 16:32:28 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2011/07/25 14:28:52 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/07/12 07:49:28 | 000,201,452 | ---- | C] () -- C:\windows\hpoins40.dat
[2011/07/11 18:26:11 | 000,649,057 | ---- | C] () -- C:\windows\hpoins40.dat.temp
[2011/07/11 18:02:38 | 000,000,992 | ---- | C] () -- C:\windows\hpomdl40.dat.temp
[2011/07/09 14:31:22 | 000,743,662 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/09 02:22:13 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/02 19:32:10 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/06/02 19:32:10 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/06/02 19:32:10 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/06/02 19:32:10 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/06/02 19:32:10 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/06/02 19:32:10 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/06/02 19:32:10 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/06/02 19:32:09 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/06/02 19:32:09 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/06/02 19:32:09 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/06/02 19:32:09 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/06/02 19:32:09 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/06/02 10:49:01 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/06/02 10:49:01 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/06/02 10:49:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/06/02 10:49:01 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/06/02 10:48:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/06/02 10:34:21 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/06/02 10:34:21 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:25 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/13 23:01:22 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2011/07/31 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Anthropics
[2011/07/10 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\ArcSyncConfig
[2012/06/01 15:37:04 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Dropbox
[2011/07/25 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\eM Client
[2011/08/27 11:37:54 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\gtk-2.0
[2011/08/27 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\ooVoo Details
[2011/07/09 15:19:03 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\OpenOffice.org
[2011/07/09 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Postbox
[2011/08/15 20:20:21 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\rinsebyreal
[2011/10/10 05:49:58 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Sammsoft
[2011/07/11 13:55:32 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\SBG901
[2012/06/01 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\SoftGrid Client
[2011/07/23 09:44:30 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Spotify
[2011/07/09 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Thunderbird
[2011/07/09 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\TP
[2011/07/08 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Windows Live Writer
[2011/10/18 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2011/12/20 07:01:29 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/08/19 23:18:36 | 000,000,082 | -HS- | M] () -- C:\desktop.ini
[2012/06/01 15:35:04 | 000,468,570 | ---- | M] () -- C:\FaceProv.log
[2012/06/01 10:26:20 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 19:32:12 | 000,000,028 | ---- | M] () -- C:\IPGPLDOK.TXT
[2011/06/02 10:51:43 | 000,000,064 | ---- | M] () -- C:\Lenovo EE Boot Optimizer.log
[2012/06/01 15:34:16 | 4204,969,984 | -HS- | M] () -- C:\pagefile.sys
[2009/12/14 17:19:04 | 000,000,334 | ---- | M] () -- C:\Pat Metheny-Ornette Coleman - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Pearl Jam - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Pete Townshend - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Peter Gabriel - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Pink Floyd - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Playlists - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Poncho Sanchez - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Pretenders - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Primus - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Prince - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Prince Buster - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,264 | ---- | M] () -- C:\Queen - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,270 | ---- | M] () -- C:\R.E.M - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Radiohead - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Ray Charles - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,316 | ---- | M] () -- C:\Red Hot Chili Peppers - Shortcut.lnk
[2011/06/02 10:23:54 | 000,002,269 | ---- | M] () -- C:\RHDSetup.log
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\Robbie Robertson - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Robert Johnson - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Robert Palmer - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Roberta Flack - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Rod Stewart - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\Rufus Wainwright - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,261 | ---- | M] () -- C:\Rush - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Rusted Root - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Sam Cooke - Shortcut.lnk
[2009/12/13 13:45:56 | 000,000,633 | ---- | M] () -- C:\Sample Music.lnk
[2009/12/14 17:19:04 | 000,000,272 | ---- | M] () -- C:\Santana - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Seals & Crofts - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Sheryl Crow - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,304 | ---- | M] () -- C:\Simon & Garfunkel - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Simply Red - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,304 | ---- | M] () -- C:\Smashing Pumpkins - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Sonic Youth - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Sonny Rollins - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Spirit - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Spyro Gyra - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,272 | ---- | M] () -- C:\Squeeze - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Stan Getz - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Steely Dan - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Steve Earle - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,349 | ---- | M] () -- C:\Steve Earle-The Del McCoury Band - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Steve Winwood - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,364 | ---- | M] () -- C:\Stevie Ray Vaughan and Double Trouble - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,264 | ---- | M] () -- C:\Sting - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Talking Heads - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,325 | ---- | M] () -- C:\The Allman Brothers Band - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\The B-52's - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\The Badlees - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\The Beach Boys - Shortcut.lnk
[2010/05/17 09:20:54 | 000,000,821 | ---- | M] () -- C:\The Beatles - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\The Black Crowes - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\The Black Keys - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,277 | ---- | M] () -- C:\The Cars - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\The Clash - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,295 | ---- | M] () -- C:\The Commodores - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,277 | ---- | M] () -- C:\The Cure - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,319 | ---- | M] () -- C:\The Dave Matthews Band - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,280 | ---- | M] () -- C:\The Doors - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,334 | ---- | M] () -- C:\The Flying Burrito Brothers - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,340 | ---- | M] () -- C:\The Good, the Bad & the Queen - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,304 | ---- | M] () -- C:\The Grateful Dead - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,298 | ---- | M] () -- C:\Various Artists - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,310 | ---- | M] () -- C:\Waiting for the Sun - Shortcut.lnk
[2007/01/06 01:37:00 | 002,055,068 | ---- | M] () -- C:\Warranty and Customer Support.pdf

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/08 15:23:24 | 000,000,221 | -HS- | M] () -- C:\Users\cdoo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
Ok, I don't think I sent the correct thing and am trying again.. sorry
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
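As an added example (not part of cdoo's post and not code from OTL), here is a small Python triage script for lines in the OTL format shown above. It flags the entries a helper reads first: O35/O37 shell-open handlers for .exe/.com that are no longer `"%1" %*`, O20 Winlogon Shell/UserInit values that name something other than the stock binaries or resolve to "File not found", Alternate Data Stream entries, and executables with an empty company field dropped directly into %systemroot%. It assumes Windows 7 defaults (explorer.exe, userinit.exe). The sample lines are constructed for the demo; the `evil.exe` UserInit entry and the `svchost.exe` exefile handler are invented to show what a hit looks like and are not findings from this log. The VMApplet "/pagefile - File not found" lines are normal on Windows 7 and are deliberately not flagged.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread, not code from the forum post or from OTL.
Assumes Windows 7 defaults: shell\\open\\command for .exe/.com is '"%1" %*',
Winlogon Shell is explorer.exe and Winlogon UserInit is userinit.exe.
"""
import re

DEFAULT_OPEN_CMD = '"%1" %*'
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}

# O35 = HKLM\..\exefile [open], O37 = HKLM\..\.exe [@ = exefile]; both end in '-- <command>'
_O35_O37 = re.compile(r'^O3[57](?::64bit:)? - HKLM\\.+?(?:\[open\]|\[@ = \w+\]) -- (.*)$')
# O20 Winlogon lines: '... HKLM Winlogon: <Key> - (<value>) - <resolved path or File not found>'
_O20 = re.compile(r'^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.+?)\) - (.*)$')
_ADS = re.compile(r'^@Alternate Data Stream - \d+ bytes -> (.+)$')
# File entries whose company field is empty: '[date | size | attrs | C] () -- <path>'
_NOCOMPANY_FILE = re.compile(
    r'^\[\d{4}/\d{2}/\d{2} [\d:]+ \| [\d,]+ \| [-\w]+ \| [CM]\] \(\) -- (.+)$')


def triage(lines):
    """Return a list of (severity, line) findings, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _O35_O37.match(line)
        if m:
            if m.group(1).strip() != DEFAULT_OPEN_CMD:
                findings.append(("high", line))  # .exe/.com open handler was changed
            continue
        m = _O20.match(line)
        if m:
            key, value, resolved = m.groups()
            expected = WINLOGON_DEFAULTS.get(key)
            if expected:  # VMApplet and other keys are ignored on purpose
                name = value.rstrip(",").split("\\")[-1].lower()
                if name != expected or "File not found" in resolved:
                    findings.append(("high", line))
            continue
        if _ADS.match(line):
            findings.append(("medium", line))  # ADS: often benign, always worth reading
            continue
        m = _NOCOMPANY_FILE.match(line)
        if m:
            parent, _, name = m.group(1).rpartition("\\")
            if parent.lower() == r"c:\windows" and name.lower().endswith((".exe", ".sys", ".dll")):
                findings.append(("low", line))  # unattributed binary straight in %systemroot%
    return findings


# Constructed sample in OTL's format; the evil.exe and svchost.exe entries are invented hits.
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Users\Public\evil.exe) - File not found
O35:64bit: - HKLM\..\exefile [open] -- "%1" %*
O35 - HKLM\..\exefile [open] -- "C:\ProgramData\svchost.exe" "%1" %*
O37 - HKLM\..\.exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
[2012/06/01 08:31:10 | 000,136,448 | ---- | C] () -- C:\Users\cdoo\Documents\Bedford Valley Special.htm
[2011/06/02 19:32:10 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
""".strip().splitlines()

if __name__ == "__main__":
    for severity, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {line}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`. The "low" bucket is only a prompt to look: OEM recovery tooling also drops unattributed binaries into %systemroot%, so a hit there means "check the file", not "malware".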


#2 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 02 June 2012 - 11:44 PM

Hi cdoo,


My name is NoodleTech. I would be glad to assist you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and may require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not delete anything unless instructed to.
  • DO NOT use tools such as ComboFix without supervision.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clean.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.
===================================================

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments,  attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

Please download aswMBR.exe and save it to your desktop. 

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.
  • Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat.
  • Right click that file and select Send To>Compressed (zipped) file.
  • Attach that zipped file in your next reply as well.

Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
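As an added example, not part of NoodleTech's post and not code from the aswMBR tool, here is a Python script that does a first-pass sanity check on a raw MBR dump such as the MBR.dat the instructions above ask for. It assumes the file begins with the 512-byte master boot record (partition table at offset 446, 0x55AA signature at offset 510) and hashes the 440 bytes of boot code so it can be compared with a known-good copy; a bad signature, an invalid status byte, more than one active partition, or partition entries that overlap are the kind of thing an MBR rootkit check looks at. Both sample images are built in code and are not taken from the user's machine.

```python
"""Sanity-check a raw MBR dump (e.g. the MBR.dat written by aswMBR).

Added example for this thread; not from the forum post or from AVAST.
Assumes the dump starts with the 512-byte master boot record.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xAA"
# Each of the four 16-byte entries: status, CHS start (3), type, CHS end (3), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(data):
    """Return a dict with the boot-code hash, parsed partitions and a list of findings."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    mbr = data[:SECTOR]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count})
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if count == 0:
            findings.append(f"entry {i}: zero-length partition")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    # Overlapping entries are a classic sign of a partition hidden by a bootkit.
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:440]).hexdigest(),  # compare with a known-good MBR
        "partitions": parts,
        "findings": findings,
    }


def build_mbr(entries, bootcode=b"", signature=SIGNATURE):
    """Construct a synthetic MBR for testing; entries are (status, type, lba, sectors)."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    mbr[510:512] = signature
    return bytes(mbr)


# Constructed samples: a plausible Windows 7 layout (100 MB System Reserved + OS volume),
# and a tampered copy with an extra entry overlapping the OS volume and no boot signature.
CLEAN_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1370000000)])
TAMPERED_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1370000000),
                          (0x00, 0x1B, 300000, 4096)], signature=b"\x00\x00")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CLEAN_MBR
    report = parse_mbr(data)
    print("boot code sha256:", report["bootcode_sha256"])
    for p in report["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02x} lba {p['lba']} "
              f"sectors {p['sectors']} {'(active)' if p['bootable'] else ''}")
    print("findings:", report["findings"] or "none")
```

Usage: `python mbrcheck.py MBR.dat`. A clean hash and an empty findings list do not prove the MBR is untouched (a bootkit can also live in the boot code itself, which is why the hash is meant to be compared against a known-good image from the same OEM build), but a signature or partition-table anomaly is worth raising before anyone clicks "Fix" in aswMBR.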

#3 cdoo

cdoo

    New Member

  • Authentic Member
  • 6 posts

Posted 03 June 2012 - 06:07 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

OTL logfile created on: 6/1/2012 5:38:29 PM - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\cdoo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 45.03% Memory free
7.83 Gb Paging File | 5.72 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654.69 Gb Total Space | 270.55 Gb Free Space | 41.32% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.41 Gb Free Space | 91.06% Space Free | Partition Type: NTFS
Drive F: | 702.82 Mb Total Space | 497.21 Mb Free Space | 70.75% Space Free | Partition Type: UDF

Computer Name: CDOO-PC | User Name: cdoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cdoo\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\cdoo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswOtl.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (RtLedService) -- C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...r...N&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...r...N&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...amp;rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/23 17:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/12 08:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 06:06:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/12 08:00:11 | 000,000,000 | ---D | M]

[2011/07/09 13:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdoo\AppData\Roaming\Mozilla\Extensions
[2011/07/09 13:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdoo\AppData\Roaming\Mozilla\Extensions\express@postbox-inc.com
[2012/05/26 06:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdoo\AppData\Roaming\Mozilla\Firefox\Profiles\xibgbrp1.default\extensions
[2011/09/26 20:24:54 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\cdoo\AppData\Roaming\Mozilla\Firefox\Profiles\xibgbrp1.default\extensions\disconnect@disconnect.me
[2012/04/25 06:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/26 06:48:50 | 000,086,131 | ---- | M] () (No name found) -- C:\USERS\CDOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XIBGBRP1.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011/07/08 17:44:34 | 000,058,343 | ---- | M] () (No name found) -- C:\USERS\CDOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XIBGBRP1.DEFAULT\EXTENSIONS\{446C03E0-2C35-11DB-A98B-0800200C9A66}.XPI
[2011/07/08 15:21:32 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\CDOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XIBGBRP1.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/05/26 06:48:50 | 000,079,908 | ---- | M] () (No name found) -- C:\USERS\CDOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XIBGBRP1.DEFAULT\EXTENSIONS\PRINTEDIT@DW-DEV.XPI
[2012/04/26 06:06:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/25 06:45:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 06:45:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\cdoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Inside Lane Theme = C:\Users\cdoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhlfoncoemedejjabkgniaajejikmpd\1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Users\cdoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\cdoo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\cdoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 08:31:10 | 000,000,000 | ---D | C] -- C:\Users\cdoo\Documents\Bedford Valley Special_files
[2012/05/16 07:19:19 | 000,000,000 | ---D | C] -- C:\Users\cdoo\AppData\Local\ElevatedDiagnostics
[2012/05/13 05:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 05:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 05:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 05:52:23 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/09 05:52:21 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/09 05:52:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/05/09 05:52:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/04 20:04:06 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/01 17:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 16:53:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 15:40:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 15:40:33 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 15:39:45 | 000,727,334 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/01 15:39:45 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/01 15:39:45 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/01 15:37:20 | 000,409,285 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/06/01 15:35:10 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 15:34:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/01 10:26:20 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 08:31:11 | 000,136,448 | ---- | M] () -- C:\Users\cdoo\Documents\Bedford Valley Special.htm
[2012/05/10 19:57:37 | 000,001,133 | ---- | M] () -- C:\Users\cdoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/05/10 18:46:17 | 000,318,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/04 20:04:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 20:04:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 20:04:06 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2012/06/01 08:31:10 | 000,136,448 | ---- | C] () -- C:\Users\cdoo\Documents\Bedford Valley Special.htm
[2011/10/16 13:20:15 | 000,026,018 | ---- | C] () -- C:\Users\cdoo\AppData\Roaming\UserTile.png
[2011/10/15 16:32:28 | 000,206,296 | ---- | C] () -- C:\windows\hpwins28.dat.temp
[2011/10/15 16:32:28 | 000,000,418 | ---- | C] () -- C:\windows\hpwmdl28.dat.temp
[2011/07/25 14:28:52 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/07/12 07:49:28 | 000,201,452 | ---- | C] () -- C:\windows\hpoins40.dat
[2011/07/11 18:26:11 | 000,649,057 | ---- | C] () -- C:\windows\hpoins40.dat.temp
[2011/07/11 18:02:38 | 000,000,992 | ---- | C] () -- C:\windows\hpomdl40.dat.temp
[2011/07/09 14:31:22 | 000,743,662 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/09 02:22:13 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/02 19:32:10 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011/06/02 19:32:10 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011/06/02 19:32:10 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011/06/02 19:32:10 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011/06/02 19:32:10 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011/06/02 19:32:10 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011/06/02 19:32:10 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011/06/02 19:32:09 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011/06/02 19:32:09 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011/06/02 19:32:09 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011/06/02 19:32:09 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011/06/02 19:32:09 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011/06/02 10:49:01 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011/06/02 10:49:01 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/06/02 10:49:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/06/02 10:49:01 | 000,466,944 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011/06/02 10:48:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/06/02 10:34:21 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011/06/02 10:34:21 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011/04/13 23:01:25 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/13 23:01:22 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/04/13 23:01:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/13 22:51:06 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2011/07/31 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Anthropics
[2011/07/10 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\ArcSyncConfig
[2012/06/01 15:37:04 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Dropbox
[2011/07/25 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\eM Client
[2011/08/27 11:37:54 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\gtk-2.0
[2011/08/27 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\ooVoo Details
[2011/07/09 15:19:03 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\OpenOffice.org
[2011/07/09 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Postbox
[2011/08/15 20:20:21 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\rinsebyreal
[2011/10/10 05:49:58 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Sammsoft
[2011/07/11 13:55:32 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\SBG901
[2012/06/01 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\SoftGrid Client
[2011/07/23 09:44:30 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Spotify
[2011/07/09 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Thunderbird
[2011/07/09 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\TP
[2011/07/08 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\Windows Live Writer
[2011/10/18 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\cdoo\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2011/12/20 07:01:29 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/08/19 23:18:36 | 000,000,082 | -HS- | M] () -- C:\desktop.ini
[2012/06/01 15:35:04 | 000,468,570 | ---- | M] () -- C:\FaceProv.log
[2012/06/01 10:26:20 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 19:32:12 | 000,000,028 | ---- | M] () -- C:\IPGPLDOK.TXT
[2011/06/02 10:51:43 | 000,000,064 | ---- | M] () -- C:\Lenovo EE Boot Optimizer.log
[2012/06/01 15:34:16 | 4204,969,984 | -HS- | M] () -- C:\pagefile.sys
[2009/12/14 17:19:04 | 000,000,334 | ---- | M] () -- C:\Pat Metheny-Ornette Coleman - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Pearl Jam - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Pete Townshend - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Peter Gabriel - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Pink Floyd - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Playlists - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Poncho Sanchez - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Pretenders - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Primus - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Prince - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Prince Buster - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,264 | ---- | M] () -- C:\Queen - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,270 | ---- | M] () -- C:\R.E.M - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Radiohead - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Ray Charles - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,316 | ---- | M] () -- C:\Red Hot Chili Peppers - Shortcut.lnk
[2011/06/02 10:23:54 | 000,002,269 | ---- | M] () -- C:\RHDSetup.log
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\Robbie Robertson - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Robert Johnson - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Robert Palmer - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Roberta Flack - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Rod Stewart - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\Rufus Wainwright - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,261 | ---- | M] () -- C:\Rush - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Rusted Root - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Sam Cooke - Shortcut.lnk
[2009/12/13 13:45:56 | 000,000,633 | ---- | M] () -- C:\Sample Music.lnk
[2009/12/14 17:19:04 | 000,000,272 | ---- | M] () -- C:\Santana - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\Seals & Crofts - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Sheryl Crow - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,304 | ---- | M] () -- C:\Simon & Garfunkel - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Simply Red - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,304 | ---- | M] () -- C:\Smashing Pumpkins - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Sonic Youth - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Sonny Rollins - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,269 | ---- | M] () -- C:\Spirit - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Spyro Gyra - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,272 | ---- | M] () -- C:\Squeeze - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\Stan Getz - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\Steely Dan - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\Steve Earle - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,349 | ---- | M] () -- C:\Steve Earle-The Del McCoury Band - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Steve Winwood - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,364 | ---- | M] () -- C:\Stevie Ray Vaughan and Double Trouble - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,264 | ---- | M] () -- C:\Sting - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,292 | ---- | M] () -- C:\Talking Heads - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,325 | ---- | M] () -- C:\The Allman Brothers Band - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,283 | ---- | M] () -- C:\The B-52's - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,286 | ---- | M] () -- C:\The Badlees - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\The Beach Boys - Shortcut.lnk
[2010/05/17 09:20:54 | 000,000,821 | ---- | M] () -- C:\The Beatles - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,301 | ---- | M] () -- C:\The Black Crowes - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,295 | ---- | M] () -- C:\The Black Keys - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,277 | ---- | M] () -- C:\The Cars - Shortcut.lnk
[2009/12/14 17:19:04 | 000,000,280 | ---- | M] () -- C:\The Clash - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,295 | ---- | M] () -- C:\The Commodores - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,277 | ---- | M] () -- C:\The Cure - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,319 | ---- | M] () -- C:\The Dave Matthews Band - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,280 | ---- | M] () -- C:\The Doors - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,334 | ---- | M] () -- C:\The Flying Burrito Brothers - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,340 | ---- | M] () -- C:\The Good, the Bad & the Queen - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,304 | ---- | M] () -- C:\The Grateful Dead - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,298 | ---- | M] () -- C:\Various Artists - Shortcut.lnk
[2009/12/14 17:19:06 | 000,000,310 | ---- | M] () -- C:\Waiting for the Sun - Shortcut.lnk
[2007/01/06 01:37:00 | 002,055,068 | ---- | M] () -- C:\Warranty and Customer Support.pdf

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/08 15:23:24 | 000,000,221 | -HS- | M] () -- C:\Users\cdoo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Install Date: 7/9/2011 2:25:23 AM
System Uptime: 6/2/2012 3:46:52 AM (28 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 269.818 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 26.408 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP79: 5/1/2012 6:13:54 AM - Windows Update
RP80: 5/4/2012 7:01:02 AM - Windows Update
RP81: 5/8/2012 6:18:41 AM - Windows Update
RP82: 5/10/2012 7:18:09 AM - Windows Update
RP84: 5/15/2012 6:07:24 PM - Windows Update
RP85: 5/22/2012 5:18:24 AM - Windows Update
RP86: 5/25/2012 5:39:53 AM - Windows Update
RP87: 5/29/2012 6:13:20 AM - Windows Update
RP88: 6/1/2012 3:44:05 PM - Windows Update
RP89: 6/1/2012 5:06:54 PM - OTL Restore Point - 6/1/2012 5:06:53 PM
RP90: 6/1/2012 5:40:58 PM - OTL Restore Point - 6/1/2012 5:40:57 PM
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
avast! Free Antivirus
B209a-m
BufferChm
D3DX10
Destinations
DeviceDiscovery
Dropbox
Energy Management
Evernote v. 4.5
GIMP 2.6.10
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
Junk Mail filter update
Lenovo DirectShare
Lenovo EasyCamera
Lenovo Games Console
Lenovo OneKey Recovery
Lenovo Smile Dock
Lenovo YouCam
MarketResearch
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Oasis2Service 1.0
Onekey Theater
OpenOffice.org 3.3
Portrait Professional 10.2 Trial
Power2Go
PS_AIO_06_B209a-m_SW_Min
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SmartWebPrinting
SolutionCenter
Spotify
SpywareBlaster 4.6
Status
The Weather Channel Desktop 6
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
UserGuide
VeriFace
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 7:34:15 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/1/2012 3:36:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/1/2012 10:25:09 AM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 2 time(s).
.
==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by cdoo at 7:50:37 on 2012-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2126 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\cdoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\ctfmon.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\cdoo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\cdoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\cdoo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Program Files (x86)\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}\076656E6E696E6765627 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}\3427563737976254675627564747 : DhcpNameServer = 192.168.254.1 192.168.254.2
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}\84F4D454D244131483 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}\D4F647F627F6C616 : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{D86E90F5-498A-47B0-A21A-2C429DA4A366}\E4544574541425 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cdoo\AppData\Roaming\Mozilla\Firefox\Profiles\xibgbrp1.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-23 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-2 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\system32\Drivers\vm2uvcflt.sys --> C:\windows\system32\Drivers\vm2uvcflt.sys [?]
R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-01 19:44:45 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF891DA6-F2C9-4E40-A293-CE8CB3620D37}\mpengine.dll
2012-05-16 11:19:19 -------- d-----w- C:\Users\cdoo\AppData\Local\ElevatedDiagnostics
2012-05-09 09:52:23 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-09 09:52:22 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-09 09:52:21 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-09 09:52:21 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-09 09:52:20 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-09 09:52:19 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 09:52:00 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-09 09:51:49 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-09 09:51:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 09:51:46 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 09:51:45 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 09:51:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 09:51:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-05 00:04:06 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-05 00:04:12 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 00:04:11 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 10:53:59 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15:19 41184 ----a-w- C:\windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 7:51:16.80 ===============
OK, hope I did this correctly... thanks for all your help.


#4 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 03 June 2012 - 12:18 PM

No problem :).

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#5 cdoo

cdoo

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 03 June 2012 - 02:12 PM

ComboFix 12-06-03.02 - cdoo 06/03/2012 14:59:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.1684 [GMT -4:00]
Running from: c:\users\cdoo\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point

Completion time: 2012-06-03 16:06:21
ComboFix-quarantined-files.txt 2012-06-03 20:06

Pre-Run: 326,551,461,888 bytes free
Post-Run: 327,036,407,808 bytes free

Here it is... thanks

#6 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 03 June 2012 - 11:46 PM

Hi cdoo,

Looking good! How is the computer behaving now?

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


#7 cdoo

cdoo

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 June 2012 - 04:14 AM

Yes, computer is better... have not received as of late the spam emails sent from my friends on contact list who never sent them to me.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
cdoo :: CDOO-PC [administrator]

6/4/2012 6:10:15 AM
mbam-log-2012-06-04 (06-10-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206035
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks for your help.

#8 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 04 June 2012 - 11:29 AM

Great :) A few more things to do before we can be sure your computer is clean.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 4.
  • After the download completes, close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Double-click the Java setup file you just downloaded and follow the prompts to begin the installation.

Now to clean out the Java cache:

Go into the Control Panel and double-click the Java icon.
  • Under Temporary Internet Files, click the Settings... button.
  • Click the Delete Files button.
  • There are three options in the window to clear the cache. Leave all 3 checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings.
  • Click OK to leave the Java Control Panel.
===================================================

Flash Player is out of date
  • Outdated versions of Flash are vulnerable to malware infections.
  • Please uninstall old versions of Flash Player by following the instructions here.
  • Next, click here to download the latest version of Flash Player.
  • Uncheck "Yes, install Google Toolbar - optional" if you do not want to install Google Toolbar.
  • Click Download Now then double click on the setup file to start the installation.
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up the scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
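The Java steps above end with "remove all older versions", and the Add/Remove Programs list is easy to misread when several JREs coexist. As an added example (this is not part of NoodleTech's post and not a tool from the thread), the following PowerShell script reads the Windows Uninstall registry keys, in both the 64-bit and the 32-bit (Wow6432Node) views that exist on x64 Windows 7, lists every registered Java runtime, and flags any that is not the release you just installed. The expected display name "Java(TM) 7 Update 4" is an assumption matching the version named in the post; change it to whatever the current release is called in Add/Remove Programs.

```powershell
# Added example, not part of the original forum post: list the Java runtimes
# registered in the Windows "Uninstall" keys (64-bit view and 32-bit
# Wow6432Node view on x64 Windows 7) and flag any that are not the expected
# current release, so the "remove all older versions" step can be verified.
# Assumption (not from the thread): $ExpectedName is the Add/Remove Programs
# display name of the release you just installed. Both the 32-bit entry and
# the matching "(64-bit)" entry are accepted as current.
param(
    [string]$ExpectedName = 'Java(TM) 7 Update 4'
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Escape the name so the parentheses in "Java(TM)" are matched literally.
$expectedPattern = '^' + [regex]::Escape($ExpectedName) + '( \(64-bit\))?$'

$javaEntries = @(foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    $view = if ($key -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        # Match the runtime entries the post tells the user to remove
        # ("Java(TM) N Update M" and the older "J2SE Runtime Environment"),
        # but not the separate "Java Auto Updater" entry.
        if ($p.DisplayName -match '^(Java\(TM\)|J2SE)') {
            New-Object PSObject -Property @{
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                View            = $view
                UninstallString = $p.UninstallString
                IsExpected      = ($p.DisplayName -match $expectedPattern)
            }
        }
    }
})

$javaEntries | Format-Table DisplayName, DisplayVersion, View, IsExpected -AutoSize

$stale = @($javaEntries | Where-Object { -not $_.IsExpected })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) Java component(s) other than '$ExpectedName' are still installed:"
    foreach ($s in $stale) {
        # The UninstallString is what Add/Remove Programs runs for that entry.
        Write-Warning ("  {0} ({1}) -> {2}" -f $s.DisplayName, $s.View, $s.UninstallString)
    }
} else {
    Write-Host "Only '$ExpectedName' is registered; older Java versions have been removed."
}
```

Run it from an elevated PowerShell prompt after the reboot in the procedure above; anything reported as stale is an old runtime that a browser plugin could still load, and its UninstallString shows exactly which entry to remove.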

#9 cdoo

    New Member

  • Authentic Member
  • 6 posts

Posted 05 June 2012 - 03:48 AM

OK, updated Java and Flash Player..... ran the ESET scan and it showed no threats, therefore it didn't allow any further actions????? I did receive another email which I did not open (deleted it) from a person I know in my contacts.... however I could see from the description that it was another spam email... thanks again.

#10 NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 05 June 2012 - 11:07 AM

Hi cdoo,

You are very welcome. Receiving spam email does not mean that your computer is infected. If your friends or contacts start to receive spam email from you, then you should be concerned.

Please delete DDS and aswMBR.

Follow these steps to uninstall Combofix

* Click START
* Now type ComboFix /Uninstall in the search box and hit ENTER. (Note: there is a space between the X and the /U; it needs to be there.)

===================================================

Here are some tips to reduce the potential for spyware infection in the future:

Updates
  • It is very important that you keep your Operating System and applications up to date so that you will be less susceptible to malware.
  • It's a good idea to have Windows Update automatically download and install updates as they become available.
  • Secunia Online Software Inspector is a great tool that will tell you which of your applications are outdated and vulnerable to attack.
Run Anti-Virus Software
  • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
  • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system.
  • When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
  • Once complete, remember to re-engage your resident security before going online.
Passwords
Spyware Protection
Additional Software
  • To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements.
  • Google Chrome is a great alternative to Internet Explorer and Firefox.
Follow these steps, keep your antivirus program and antispyware programs updated, and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically. 

Hopefully this should take care of your problems! Good luck.

Do you have any further questions? 

**Please respond one more time to confirm your problem is resolved so I can close this thread.
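The "ONE firewall and ONE real-time antivirus" rule above can be checked rather than taken on trust. As an added example (not from the original post), this PowerShell script queries Windows Security Center through the root\SecurityCenter2 WMI namespace (present on Windows Vista and later) for the antivirus, antispyware and firewall products that have registered there, shows whether each reports real-time protection as on and definitions as current, and warns when more than one product of a kind is registered. Two assumptions: the namespace lists products that registered with Security Center, so it is a view of third-party software and not a guarantee about built-in Windows components; and the productState field is undocumented, so the bit layout decoded below is the commonly reported one and may not hold for every vendor.

```powershell
# Added example, not part of the original forum post: enumerate the security
# products registered with Windows Security Center (WMI namespace
# root\SecurityCenter2, Windows Vista and later) and warn when more than one
# antivirus or firewall product is registered, which is the "ONE firewall and
# ONE real-time antivirus" rule from the post. Get-WmiObject is used rather
# than Get-CimInstance so this runs on the PowerShell 2.0 shipped with Windows 7.
# Assumption: productState is undocumented; the bit positions used below are
# the commonly reported layout (0x1000 = real-time protection on,
# 0x10 = definitions out of date) and may not hold for every vendor.
$classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'

$report = @{}
foreach ($class in $classes) {
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue)
    $report[$class] = $products.Count
    Write-Host ""
    Write-Host "== $class : $($products.Count) registered =="
    foreach ($p in $products) {
        $state     = [int]$p.productState
        $enabled   = ($state -band 0x1000) -ne 0
        $outOfDate = ($state -band 0x10) -ne 0
        # An enabled product with stale definitions is the "update first,
        # then scan" case from the tips above.
        Write-Host ("  {0,-45} real-time={1,-5} definitions-current={2}" -f `
            $p.displayName, $enabled, (-not $outOfDate))
    }
}

# Exactly one real-time antivirus and at most one firewall should be registered;
# two real-time scanners fight over the same files and slow the machine down.
if ($report['AntiVirusProduct'] -ne 1) {
    Write-Warning "Expected exactly one antivirus product, found $($report['AntiVirusProduct'])."
}
if ($report['FirewallProduct'] -gt 1) {
    Write-Warning "More than one firewall is registered; keep a single one to avoid conflicts."
}
```

If a product you already uninstalled still shows up here, its Security Center registration was left behind; that stale entry is a common cause of "two antivirus programs" warnings on a machine that actually has one.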

#11 cdoo

    New Member

  • Authentic Member
  • 6 posts

Posted 08 June 2012 - 06:43 AM

OK, thank you. Was on vacation... sorry for not getting back to you... you were so helpful and FAST..... Thanks again!

#12 NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 08 June 2012 - 11:59 AM

No problem! :thumbup:

#13 NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • 2,380 posts

Posted 08 June 2012 - 12:49 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.