Jump to content


Photo
- - - - -

kernel stack inpage error


  • Please log in to reply
21 replies to this topic

#1 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 10 March 2012 - 12:17 PM

Hi,

In the last few weeks, I've been getting a blue screen with the error called kernel stack inpage error. Went online to try and see how to resolve this, but there is no quick fix. Wondering if there is a way you can help in trying to locate the problem.

Thanks,

#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 10 March 2012 - 03:54 PM

Might possibly be a hardware issue, memory or harddrive, but can we do the following
Download OTL.exe by OldTimer to your Desktop.
  • Double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 10 March 2012 - 08:07 PM

OTL logfile created on: 10/03/2012 8:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\L\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.83% Memory free
4.13 Gb Paging File | 2.71 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 186.17 Gb Free Space | 83.99% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.78 Gb Free Space | 38.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: LENOVO | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 20:43:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/17 11:03:18 | 000,099,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/22 18:49:24 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/06/22 18:30:38 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/08/04 03:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/06/16 01:51:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/06/16 01:51:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/02/27 15:50:42 | 000,573,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/02/27 15:49:22 | 000,233,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/02/27 15:49:12 | 000,118,784 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/02/27 15:26:46 | 000,159,744 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/08/31 13:02:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/13 22:27:44 | 000,861,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2008/06/13 19:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 21:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/13 11:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 14:44:05 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\6ef215c30ed8a99e38b776ba6ee046e5\PWMUIAux.ni.exe
MOD - [2012/02/17 11:46:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/17 11:42:33 | 000,539,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dcd90ef8aff61786a94c097f30d9947d\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 11:42:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 11:41:51 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/17 11:41:01 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/17 11:40:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/17 11:40:17 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/14 19:43:14 | 000,584,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\680d7ca32bbaa24279d69561db3a1f2d\PWMUICtl.ni.dll
MOD - [2011/10/14 19:05:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2009/06/16 01:51:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2009/06/16 01:51:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2008/07/17 18:37:40 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/22 18:49:24 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/06/22 18:30:38 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/16 01:51:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/02/27 15:49:22 | 000,233,472 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/02/27 15:49:12 | 000,118,784 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/06/13 19:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/23 07:29:22 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Apoint2K\ApRunSvc.exe -- (ApRunSvc)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NETw5v32) Intel®
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MUXMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2011/08/03 17:15:04 | 007,341,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2011/03/15 22:12:16 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/06/17 03:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/14 11:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 11:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/11/24 10:43:30 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/06/16 01:51:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/05/11 12:56:26 | 000,013,352 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\session\7yuj31us\tpflhlp.sys -- (tpflhlp)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/11/25 16:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/09/25 02:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/05/14 18:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 18:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/04/18 18:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 17:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 04:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 21:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 21:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/06/07 19:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {46243E80-0E8C-442E-AF55-80BB093BFD5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{46243E80-0E8C-442E-AF55-80BB093BFD5F}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/15 22:13:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/03/26 10:15:24 | 000,000,000 | ---D | M]

[2009/06/05 09:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions
[2009/06/05 09:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/08 07:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/08 07:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/07 22:23:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected] removed for spamming
[2012/02/18 21:58:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 16:03:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88D845A3-1B3A-4F43-9AFA-576B4A4867C7}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 17:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{4491dad7-1a0d-11de-9193-0022680a24dd}\Shell - "" = AutoRun
O33 - MountPoints2\{4491dad7-1a0d-11de-9193-0022680a24dd}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 000,180,224 | -HS- | M] ()
O33 - MountPoints2\{7ab04156-ae0d-11de-bd67-001c259cb30d}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{d60a9246-1a12-11de-bb86-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d60a9246-1a12-11de-bb86-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 20:43:43 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
[2012/03/08 07:12:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/08 07:12:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/08 07:12:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/04 16:14:46 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Google
[2012/03/04 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/23 16:23:38 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/02/16 20:36:34 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 20:36:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 20:36:33 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 20:36:33 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 20:36:32 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 20:36:32 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 20:36:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 20:36:32 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 20:36:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/16 20:36:28 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 21:00:37 | 005,346,088 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.html
[2012/03/10 20:57:00 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{919F69F7-231B-43C4-AA43-467BEFAAB33F}.job
[2012/03/10 20:43:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
[2012/03/10 20:11:19 | 018,737,238 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/03/10 20:11:06 | 000,003,191 | ---- | M] () -- C:\Users\Public\Documents\AcIpConfig.dat
[2012/03/10 20:11:00 | 000,027,074 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2012/03/10 20:10:51 | 010,485,744 | ---- | M] () -- C:\Users\Public\Documents\Archive_AccConnAdvanced.html
[2012/03/10 20:08:57 | 000,001,024 | ---- | M] () -- C:\Users\L\.rnd
[2012/03/10 20:07:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:07:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 20:06:46 | 2088,796,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 12:31:03 | 350,376,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/08 07:12:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/08 07:12:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/08 07:12:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/08 07:12:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/07 20:25:51 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 20:25:51 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/04 16:59:30 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/29 20:05:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 16:23:38 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/17 11:37:28 | 000,379,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 22:15:05 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/03/15 22:15:04 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8D0D4418

< End of report >

#4 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 10 March 2012 - 08:09 PM

OTL Extras logfile created on: 10/03/2012 8:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\L\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.83% Memory free
4.13 Gb Paging File | 2.71 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 186.17 Gb Free Space | 83.99% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.78 Gb Free Space | 38.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: LENOVO | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1947EE1B-9C17-4B98-ABF7-0C6783246E11}" = lport=445 | protocol=6 | dir=in | app=system |
"{266FE709-A251-4370-A6F5-62A2524ECC9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{84D4528C-7114-4D4A-B370-643CBEBE1631}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A2C2C9C-166B-4D36-96D7-E30048688FEB}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E501D2B-D437-418A-8BB9-A77633345AC5}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FE47829-568F-4C47-9928-709377432F7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2913D20-24B2-493D-BA12-812F0A6E816F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A90E8227-569B-40C8-80E4-B22FA42FB160}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB213876-1A08-4649-BDF8-510EF9B240EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBFCAA78-CB20-49A7-A3AB-1A07213ADE33}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0796F658-8980-4231-8AA9-D614DC45BCD5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{09672DF7-2FC4-4CBC-A5C5-7AFEFD0F4330}" = protocol=58 | dir=in | [email protected],-28545 |
"{0FC55069-9E0B-4296-8C3B-1E379B44D3B5}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{1E238644-A7F0-4F19-8EC4-5470BF1DDE7D}" = protocol=1 | dir=in | [email protected],-28543 |
"{37942724-559C-4AC4-9207-0FFFF920B4D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43E1C8BD-342F-4754-B368-FD354A0AE348}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4F9C437B-765C-475D-88E3-109B84147DED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{52DADF07-D1DD-4A95-990D-752971F30320}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{690ACD6F-355A-4AEC-8E1B-0522E90BCF04}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{70B46A5D-00FB-422A-9533-27A76F3E09EE}" = protocol=58 | dir=out | [email protected],-28546 |
"{7659422C-D2CD-450B-9F70-C798F766F22B}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7BE47880-A409-485C-B56F-10F706395DDE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8B258DDD-4194-4740-98D9-6EBCA3B9C304}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{945DEE63-8686-48F8-AB57-F749E49B2BD2}" = protocol=1 | dir=out | [email protected],-28544 |
"{985E27C3-284B-43E8-B77F-6957AE39F6BF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A32523AF-2476-4FD7-9463-6F4104AB9555}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{A4E6D77C-5C2D-40E1-96A4-ED59C206CE6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9219630-C9AB-4A8E-B6C7-27F1EFADBFA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA954E3A-37B4-4C93-BC4D-5A04FB00689F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FEBDED3B-4326-4C2C-8D0D-4ADE46DDE9F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1189955B-C6E8-4606-AE6C-CD64791DB544}" = Mobile Broadband Connect
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel® PROSet/Wireless WiFi Software
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF065AA8-D2B7-4F49-931A-63E1FB9899E2}" = VitalSource Bookshelf
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951" = Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E" = Windows Driver Package - Broadcom (b57nd60x) Net (11/29/2007 10.62.1.2)
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"F47257BFD82AA5BBF9668FC2EE9A258601FCE833" = Windows Driver Package - Intel (iaStor) hdc (11/03/2008 8.6.3.1004)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"FrostWire 5" = FrostWire 5.2.11
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 8:43:57 PM | Computer Name = Lenovo | Source = EventSystem | ID = 4621
Description =

Error - 10/03/2012 8:44:20 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3084
Description =

Error - 10/03/2012 9:07:15 PM | Computer Name = Lenovo | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 05/03/2011 9:12:25 PM | Computer Name = Lenovo | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

[ System Events ]
Error - 10/03/2012 1:31:48 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 7:01:40 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7000
Description =

Error - 10/03/2012 7:01:41 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 7:23:31 PM | Computer Name = Lenovo | Source = SCardSvr | ID = 615
Description =

Error - 10/03/2012 7:23:32 PM | Computer Name = Lenovo | Source = SCardSvr | ID = 616
Description =

Error - 10/03/2012 7:37:30 PM | Computer Name = Lenovo | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/03/2012 8:44:19 PM | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =

Error - 10/03/2012 9:07:16 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7000
Description =

Error - 10/03/2012 9:07:36 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 9:48:57 PM | Computer Name = Lenovo | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

#5 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 11 March 2012 - 03:16 PM

Let's try the following:
Close down all browser windows
Uninstall the older version of Sun Java from "Programs and Features" in Control Panel
Only remove the following>>> Java™ 6 Update 7

After that's uninstalled, come back here and do the following
Right click on OTL.exe and "Run as Administrator"
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please

    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [] File not found
    :Reg
    :Files
    C:\Program Files\Ask.com
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

In addition:
Download aswMBR.exe (4.5mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.
Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image

Recap:
1. Post the fix log from OTL.exze
2. Post the log from MBAM
3. Post the log from aswMBR.exe please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#6 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 11 March 2012 - 08:50 PM

Here is the first request:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: L
->Flash cache emptied: 42090 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: L
->Temp folder emptied: 508619877 bytes
->Temporary Internet Files folder emptied: 572119408 bytes
->Java cache emptied: 39530862 bytes
->FireFox cache emptied: 50698201 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1208792 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349110171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 358297888 bytes

Total Files Cleaned = 1,793.00 mb


OTL by OldTimer - Version 3.2.36.3 log created on 03112012_223824

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



I will do the 2 others tomorrow evening.
Thanks

#7 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 12 March 2012 - 04:49 PM

Step two:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
L :: LENOVO [administrator]

12/03/2012 6:33:49 PM
mbam-log-2012-03-12 (18-33-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183864
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 12 March 2012 - 06:38 PM

just waiting on the log from aswMBR.exe

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#9 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 12 March 2012 - 07:26 PM

Had some trouble with that one, first it rebooted when it was scanning a dll file. Second it stalled and froze my laptop when it was scanning the kaspersky file. I had to reboot manually, Eventually it scanned everything here is the file:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 20:47:26
-----------------------------
20:47:26.781 OS Version: Windows 6.0.6002 Service Pack 2
20:47:26.781 Number of processors: 2 586 0x170A
20:47:26.781 ComputerName: LENOVO UserName: L
20:48:57.269 Initialize success
20:49:12.807 AVAST engine defs: 12031200
20:49:59.763 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:49:59.778 Disk 0 Vendor: ST925082 3.CM Size: 238475MB BusType: 3
20:49:59.950 Disk 0 MBR read successfully
20:49:59.950 Disk 0 MBR scan
20:49:59.965 Disk 0 unknown MBR code
20:49:59.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1499 MB offset 2048
20:50:00.012 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226974 MB offset 3072000
20:50:00.059 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
20:50:00.106 Disk 0 scanning sectors +488394752
20:50:00.215 Disk 0 scanning C:\Windows\system32\drivers
20:50:32.792 Service scanning
20:51:20.528 Modules scanning
20:51:59.107 Disk 0 trace - called modules:
20:51:59.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:51:59.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88edc780]
20:51:59.169 3 CLASSPNP.SYS[8b3da8b3] -> nt!IofCallDriver -> [0x87e1d2b0]
20:51:59.185 5 acpi.sys[8aa936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87d9e028]
20:52:00.651 AVAST engine scan C:\Windows
20:52:33.099 AVAST engine scan C:\Windows\system32
21:00:57.434 AVAST engine scan C:\Windows\system32\drivers
21:02:10.371 AVAST engine scan C:\Users\L
21:07:21.523 AVAST engine scan C:\ProgramData
21:24:22.954 Scan finished successfully
21:24:43.000 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
21:24:43.016 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"

#10 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 12 March 2012 - 07:50 PM

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then double click on it to run it

Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#11 rinoscar

rinoscar

    Enthusiast

  • Members
  • PipPipPipPip
  • 135 posts

Posted 12 March 2012 - 08:21 PM

22:20:44.0426 4812 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:20:45.0206 4812 ============================================================
22:20:45.0206 4812 Current date / time: 2012/03/12 22:20:45.0206
22:20:45.0206 4812 SystemInfo:
22:20:45.0206 4812
22:20:45.0206 4812 OS Version: 6.0.6002 ServicePack: 2.0
22:20:45.0206 4812 Product type: Workstation
22:20:45.0206 4812 ComputerName: LENOVO
22:20:45.0206 4812 UserName: L
22:20:45.0206 4812 Windows directory: C:\Windows
22:20:45.0206 4812 System windows directory: C:\Windows
22:20:45.0206 4812 Processor architecture: Intel x86
22:20:45.0206 4812 Number of processors: 2
22:20:45.0206 4812 Page size: 0x1000
22:20:45.0206 4812 Boot type: Normal boot
22:20:45.0206 4812 ============================================================
22:20:47.0499 4812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:20:47.0561 4812 \Device\Harddisk0\DR0:
22:20:47.0561 4812 MBR used
22:20:47.0561 4812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2ED800
22:20:47.0561 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE000, BlocksNum 0x1BB4F000
22:20:47.0561 4812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
22:20:47.0748 4812 Initialize success
22:20:47.0748 4812 ============================================================
22:21:09.0246 3780 ============================================================
22:21:09.0246 3780 Scan started
22:21:09.0246 3780 Mode: Manual;
22:21:09.0246 3780 ============================================================
22:21:10.0198 3780 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:21:10.0292 3780 ACPI - ok
22:21:10.0494 3780 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:21:10.0510 3780 adp94xx - ok
22:21:10.0604 3780 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:21:10.0619 3780 adpahci - ok
22:21:10.0682 3780 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:21:10.0697 3780 adpu160m - ok
22:21:10.0760 3780 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:21:10.0775 3780 adpu320 - ok
22:21:10.0931 3780 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:21:11.0040 3780 AFD - ok
22:21:11.0181 3780 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:21:11.0196 3780 agp440 - ok
22:21:11.0274 3780 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:21:11.0290 3780 aic78xx - ok
22:21:11.0368 3780 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:21:11.0368 3780 aliide - ok
22:21:11.0477 3780 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:21:11.0493 3780 amdagp - ok
22:21:11.0540 3780 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:21:11.0555 3780 amdide - ok
22:21:11.0696 3780 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:21:11.0711 3780 AmdK7 - ok
22:21:11.0758 3780 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:21:11.0774 3780 AmdK8 - ok
22:21:11.0883 3780 ApfiltrService (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:21:11.0930 3780 ApfiltrService - ok
22:21:12.0101 3780 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:21:12.0117 3780 arc - ok
22:21:12.0195 3780 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:21:12.0226 3780 arcsas - ok
22:21:12.0304 3780 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:12.0320 3780 AsyncMac - ok
22:21:12.0413 3780 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:21:12.0491 3780 atapi - ok
22:21:12.0663 3780 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
22:21:12.0819 3780 ATSwpWDF - ok
22:21:12.0975 3780 b57nd60x (db76881f34e600fbb29bc3d7c854d056) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:21:13.0006 3780 b57nd60x - ok
22:21:13.0084 3780 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:21:13.0115 3780 Beep - ok
22:21:13.0193 3780 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:21:13.0209 3780 blbdrive - ok
22:21:13.0334 3780 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:21:13.0412 3780 bowser - ok
22:21:13.0552 3780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:21:13.0568 3780 BrFiltLo - ok
22:21:13.0630 3780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:21:13.0630 3780 BrFiltUp - ok
22:21:13.0755 3780 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:21:13.0770 3780 Brserid - ok
22:21:13.0802 3780 BrSerWdm (203f0b