HI! need some help!



savgbst1
2010-09-26, 19:30
Got my chica a spanking new laptop for school. Suddenly it started going really slow, and when you try to open nearly any program, it gives the message cannot find specified file or path. you may not have the appropriate permissions. We don't have more than one user account, and she's the administrator... so I wonder if there's something on here?? You guys have always been a huge help... so here we go! Thanks in advance!

DDS log -


DDS (Ver_10-03-17.01) - NTFSX64
Run by Amy at 22:25:01.18 on Sat 09/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2576 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\rundll32.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Amy\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: GuardId.MSIEBrowser.BHO: {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - mscoree.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [WLStart] "c:\program files (x86)\windows live\installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: c:\users\amy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun-x64: [EnergyUtility] c:\program files (x86)\lenovo\energy management\utility.exe
mRun-x64: [Energy Management] c:\program files (x86)\lenovo\energy management\Energy Management.exe
mRun-x64: [@OnlineArmor GUI] "c:\program files (x86)\online armor\oaui.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\amy\appdata\roaming\mozilla\firefox\profiles\m9ypenjp.default\
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\amy\appdata\roaming\mozilla\firefox\profiles\m9ypenjp.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-3 121936]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2010-6-15 58896]
R1 OADevice;OADriver;c:\windows\syswow64\drivers\OADriver.sys [2010-9-3 53840]
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2010-9-3 54896]
R1 OAmon;OAmon;c:\windows\syswow64\drivers\OAmon.sys [2010-9-3 37872]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-3 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-3 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R2 IGRS;IGRS;c:\program files (x86)\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 OAcat;Online Armor Helper Service;c:\program files (x86)\online armor\oacat.exe [2010-9-3 380272]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\ddni\oasis2service 1.0\Oasis2Service.exe [2010-3-24 46080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-3 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\online armor\oasrv.exe [2010-9-3 3638240]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-6-15 26128]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 40384]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-9-3 32728]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-6-15 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2010-6-15 79376]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-6-15 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-6-15 579400]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-5 1255736]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 121840]

=============== Created Last 30 ================

2010-09-15 18:11:04 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 16:27:02 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-05 20:17:42 0 d-----w- C:\Downloads
2010-09-05 19:51:24 0 d-----w- c:\windows\pss
2010-09-05 19:39:39 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-05 19:27:49 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-09-05 19:21:23 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-05 17:33:10 0 d-----w- c:\windows\syswow64\Wat
2010-09-05 17:33:09 0 d-----w- c:\windows\system32\Wat
2010-09-05 17:30:55 0 d-----w- c:\users\amy\Tracing
2010-09-05 17:28:41 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-05 17:28:41 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-09-05 16:58:01 0 d-----w- c:\program files (x86)\FileHippo.com
2010-09-05 16:56:13 0 d-----w- c:\program files (x86)\VideoLAN
2010-09-05 16:55:35 0 d-----w- c:\program files (x86)\uTorrent
2010-09-05 16:55:12 0 d-----w- c:\users\amy\appdata\roaming\uTorrent
2010-09-05 16:54:53 0 d-----w- c:\program files\Defraggler
2010-09-05 16:42:57 0 d-----w- c:\program files\Microsoft Office
2010-09-05 16:42:44 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-09-05 16:40:58 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-05 16:40:58 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-05 16:40:58 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-05 16:40:58 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-05 16:40:58 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-05 16:40:58 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-05 16:40:58 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-05 16:40:58 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-05 16:40:58 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-05 16:40:58 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-05 16:39:17 0 d-----w- c:\programdata\Microsoft Help
2010-09-05 05:31:59 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-05 05:30:50 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-09-05 05:30:50 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-09-05 05:30:50 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-09-05 05:30:47 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-09-05 05:30:47 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-09-05 05:30:47 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-09-05 05:30:47 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-05 05:29:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-09-05 05:29:58 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-09-05 05:29:58 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-09-05 05:29:58 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-09-05 05:29:56 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-05 05:29:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-03 18:32:37 0 d-----w- c:\windows\syswow64\Macromed
2010-09-03 18:30:28 0 d-----w- c:\programdata\NOS
2010-09-03 14:57:40 0 d-----w- c:\users\amy\appdata\roaming\EasyCapture
2010-09-03 14:49:38 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-09-03 14:28:52 0 d-----w- c:\program files (x86)\CCleaner
2010-09-03 14:09:19 0 d-----w- c:\users\amy\appdata\roaming\OnlineArmor
2010-09-03 14:09:19 0 d-----w- c:\programdata\OnlineArmor
2010-09-03 14:07:07 425640 ----a-w- c:\windows\oaevent.dll
2010-09-03 14:07:07 32728 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-09-03 14:06:47 0 d-----w- c:\program files (x86)\Online Armor
2010-09-03 14:03:22 0 d-----w- c:\users\amy\appdata\roaming\ID Vault
2010-09-03 14:02:28 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-09-03 13:17:37 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 13:17:37 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-03 13:07:36 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-03 13:07:36 0 ----a-w- c:\windows\syswow64\config.nt
2010-09-03 13:07:13 38848 ----a-w- c:\windows\avastSS.scr
2010-09-03 13:07:12 167592 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-09-03 13:07:09 0 d-----w- c:\programdata\Alwil Software
2010-09-03 13:07:09 0 d-----w- c:\program files\Alwil Software
2010-09-03 12:54:36 0 d-----w- c:\users\amy\appdata\roaming\ooVoo Details
2010-09-03 12:47:49 0 d-----w- c:\windows\CabLogs
2010-09-03 12:47:35 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-09-03 12:47:35 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-09-03 12:47:34 139264 ----a-w- c:\windows\system32\cabview.dll
2010-09-03 12:47:34 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-09-03 12:46:26 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:27:02.86 ===============