Jump to content

unname

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi DFB - i re-installed the OS so am not having the problem anymore. Thanks for all your assistance. I submitted a small donation via pp.
  2. The blue screen was very fast and happened about 3 times then 'fixed' itself and was able to boot. I don't have recovery disks - just will do a straight win7 install. Hard drive was recently checked and re-seated so I think that's ok. Thanks!
  3. Hi DFB - well unfortunately, I was unable to complete these steps - whenever I go into recovery, there is no OS listed and although the drives are listed, they say they need to be formatted. I downloaded these drivers for Lenovo w510 in attempt to 'load drivers': http://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-74430 But none of them made the OS show up. Also, in multiple attempts to get between recovery and boot to windows to look for drivers, the computer blue screened and wouldn't boot to OS... it is now booting, but no luck on the above. I'm thinking I just need to reinstall.
  4. Oh - forgot, it said it couldn't access system.cfg and user.dat (or something like that) because they were in use by another program
  5. Thanks DFB - I'm still unable to stop Trend due to password, but here are the results: GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-30 09:23:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PCEZ 298.09GB Running: f6n0g02t.exe; Driver: C:\Users\Ken\AppData\Local\Temp\pwddqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe[2500] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ff87b1 5 bytes JMP 0000000100412770 .text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe[5180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[6588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075491465 2 bytes [49, 75] .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754914bb 2 bytes [49, 75] .text ... * 2 .text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000727a1a22 2 bytes [7A, 72] .text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000727a1ad0 2 bytes [7A, 72] .text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000727a1b08 2 bytes [7A, 72] .text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000727a1bba 2 bytes [7A, 72] .text C:\Users\Ken\Desktop\SecurityCheck.exe[8352] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000727a1bda 2 bytes [7A, 72] ? C:\Windows\system32\mssprxy.dll [8352] entry point in ".rdata" section 0000000074d271e6 ---- Devices - GMER 2.1 ---- Device \Driver\iaStor \Device\Dev_fffffa800dbb3050 fffffa8017bfe328 Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa80103dd510 fffffa8017b6d9c4 Device \Driver\USBSTOR \Device\Dev_fffffa80103dd510 fffffa8017b7f578 ---- Threads - GMER 2.1 ---- Thread System [4:6200] fffffa8017bf6b50 ---- Processes - GMER 2.1 ---- Library E:\BIN\CFAgent.exe (*** suspicious ***) @ E:\BIN\CFAgent.exe [9240] 0000000000400000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
  6. well - very strange - here's the logs from the weekend. Some days are fine, others are not. I just thought of something... Is it possible that if I'm pseudo-mirroring traffic on my router (via IP tables) from another computer, that MB would alert against this traffic and maybe the other computer is the one attempting to reach these IPs? Although, that computer was used heavily on Saturday on there's nothing in the log. 5/25 2013/05/25 22:35:26 -0700 MESSAGE Executing scheduled update: Daily 2013/05/25 22:35:41 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.25.01 to version v2013.05.26.02 2013/05/25 22:35:41 -0700 MESSAGE Starting database refresh 2013/05/25 22:35:42 -0700 MESSAGE Stopping IP protection 2013/05/25 22:35:42 -0700 MESSAGE IP Protection stopped successfully 2013/05/25 22:35:45 -0700 MESSAGE Database refreshed successfully 2013/05/25 22:35:45 -0700 MESSAGE Starting IP protection 2013/05/25 22:35:48 -0700 MESSAGE IP Protection started successfully 5/26 2013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137) 2013/05/26 02:14:12 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137) 2013/05/26 02:14:20 -0700 IP-BLOCK 218.7.242.6 (Type: outgoing, Port: 137) 2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137) 2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137) 2013/05/26 09:30:31 -0700 IP-BLOCK 58.240.191.98 (Type: outgoing, Port: 137) 2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137) 2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137) 2013/05/26 10:11:28 -0700 IP-BLOCK 218.93.205.140 (Type: outgoing, Port: 137) 2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) 2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) 2013/05/26 15:52:04 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) 2013/05/26 22:38:09 -0700 MESSAGE Executing scheduled update: Daily 2013/05/26 22:38:23 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.26.02 to version v2013.05.27.01 2013/05/26 22:38:23 -0700 MESSAGE Starting database refresh 2013/05/26 22:38:24 -0700 MESSAGE Stopping IP protection 2013/05/26 22:38:24 -0700 MESSAGE IP Protection stopped successfully 2013/05/26 22:38:27 -0700 MESSAGE Database refreshed successfully 2013/05/26 22:38:27 -0700 MESSAGE Starting IP protection 2013/05/26 22:38:31 -0700 MESSAGE IP Protection 5/27 2013/05/27 22:31:38 -0700 MESSAGE Executing scheduled update: Daily 2013/05/27 22:31:49 -0700 MESSAGE Scheduled update executed successfully: database updated from version v2013.05.27.01 to version v2013.05.28.01 2013/05/27 22:31:49 -0700 MESSAGE Starting database refresh 2013/05/27 22:31:50 -0700 MESSAGE Stopping IP protection 2013/05/27 22:31:50 -0700 MESSAGE IP Protection stopped successfully 2013/05/27 22:31:53 -0700 MESSAGE Database refreshed successfully 2013/05/27 22:31:53 -0700 MESSAGE Starting IP protection 2013/05/27 22:31:56 -0700 MESSAGE IP Protection started successfully 5/28 2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137) 2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137) 2013/05/28 05:05:04 -0700 IP-BLOCK 222.186.57.37 (Type: outgoing, Port: 137)
  7. hmm, I guess I have the browser open even when I'm not using the computer. But it will get logged even if I'm not actively using it. I'll try closing my browser and see if it logs anything.
  8. I hope this is the correct one: 2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137) 2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137) 2013/05/24 08:18:08 -0700 IP-BLOCK 222.186.26.151 (Type: outgoing, Port: 137) 2013/05/24 08:40:46 -0700 MESSAGE Starting database refresh 2013/05/24 08:40:46 -0700 MESSAGE Stopping IP protection 2013/05/24 08:40:46 -0700 MESSAGE IP Protection stopped successfully 2013/05/24 08:40:58 -0700 MESSAGE Database refreshed successfully 2013/05/24 08:40:58 -0700 MESSAGE Starting IP protection 2013/05/24 08:41:02 -0700 MESSAGE IP Protection started successfully 2013/05/24 12:47:18 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) 2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137) 2013/05/24 12:47:26 -0700 IP-BLOCK 60.173.11.7 (Type: outgoing, Port: 137)
  9. <p>Hi DFB - the log is very short, but the scan found a lot of old html / php files on an external drive that were from backed up websites that at one point were hacked. Here it is:</p> <p> </p> <div>ESETSmartInstaller@High as CAB hook log:</div> <div>OnlineScanner64.ocx - registred OK</div> <div>OnlineScanner.ocx - registred OK</div> <div> </div> <div>It looks like MB is still alerting that it is blocking access though - could this be a false positive?</div> <div> </div> <div>IP-BLOCK<span class="Apple-tab-span" style="white-space:pre"> </span>222.186.26.151 (Type: outgoing, Port: 137)</div>
  10. EXTRAS: OTL Extras logfile created on: 5/23/2013 11:29:53 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free 31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFS Drive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32 Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FFBACF-ABAF-4E5F-B7DF-6B980585B07A}" = lport=139 | protocol=6 | dir=in | app=system | "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{11FFEA09-F743-4DAF-9E4A-6977674526E2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{17F8AEFC-129C-448D-AC9E-380679919ED0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2204354C-81D9-4A2D-A344-D62116EB406A}" = lport=138 | protocol=17 | dir=in | app=system | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28D38630-B5E1-4481-849A-2D8246DC50BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35EBE5FA-3146-4A5F-990F-684604F5EB69}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4466BE8C-5D93-453D-B598-612C46B66A67}" = lport=445 | protocol=6 | dir=in | app=system | "{475234C9-A285-4D44-914C-9DFE60477DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A824990-B7DB-4A44-BD1C-B21E1123845B}" = rport=137 | protocol=17 | dir=out | app=system | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{60EBF2CA-7389-4DB8-8C48-B0710AAEADB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{64DD729B-5356-4769-9719-309EB9F9A79C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{705B5428-FD83-4F25-951B-44176B365038}" = rport=445 | protocol=6 | dir=out | app=system | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{7DD68EF8-EA61-43EA-9E86-6DFF538293D7}" = rport=10243 | protocol=6 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87A72EAF-CF31-4427-B5BB-24607186D396}" = rport=138 | protocol=17 | dir=out | app=system | "{8ADD308B-E405-4746-86A3-A3D673E277FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8B728BCF-9F94-4163-BC5A-401473EFC31C}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{9494D133-BDE6-4F1B-8FE2-4B7B47D18E28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95CF4BFA-63F4-48F6-85B0-0D5B50C8A6D6}" = lport=137 | protocol=17 | dir=in | app=system | "{A09A087D-1FF4-45F1-B925-0C9155AD52EE}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B822802E-44A5-423E-8577-787BF0A3CF0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{BEA8A763-2EB3-4202-A5DB-6F9B744793CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5199E19-4706-4578-997E-E430AE154F03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4211EC6-D439-4A77-8981-140E08938F39}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D599017B-3680-4D8D-A213-A39C7D792178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCCFE73F-9E9C-4972-A483-B24131508303}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DE4154AB-F12B-4758-AEF8-6DD803B4830F}" = rport=139 | protocol=6 | dir=out | app=system | "{E0DE7D58-45CC-4C3B-A0CA-2B1FB2035B65}" = lport=10243 | protocol=6 | dir=in | app=system | "{F1740B8F-997D-48B4-BFA9-90643E7279EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0691DD1C-645E-4FF2-8D95-B40067254AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe | "{06C2AD06-7051-40BB-BBCD-1E1DAE93B3E6}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "{07BAC5E3-A03D-408A-9299-EBB8E17985D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{08AF7C4A-56C9-42A5-BCD9-83F1BBA275A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "{0A04F9A7-008C-4E85-B45D-F2BC4D2B3ED0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1AF5953C-1BD8-4CEE-9A34-F619961AC470}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1CFA4BCC-C9FB-4DF1-9430-48B2F0737F6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{24E00028-27F0-4D0C-AD30-D5AE46FE6D05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{24F19106-3553-4C59-B362-BE7E7E3D796A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D90DFA6-6176-4F91-B8E7-DC8C9DF2B6DB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2FFB39D0-62B6-486C-A32F-D12D28DAC16C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{327E32A6-C7FD-49AD-AED7-BD6A0B239844}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C8F44F2-D39B-4C83-91C0-6E4CA9F97EF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "{40619F2D-624A-44B7-8871-8B72F67AED23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4EA37F7B-3625-44A6-91F9-3CC838FDEC0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A59F86C-F9C6-4297-A477-57FFFB3F7488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B5E0586-C9BB-495F-8433-A389B52B8B3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B7E6919-B486-4EBD-8E44-369359587799}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "{6BE1AE71-3DD4-4132-82E2-9FC3E400C655}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{709F5415-3BD7-4F12-9D1D-7D57D6E19FB5}" = protocol=6 | dir=out | app=system | "{739795B1-D9B3-4AF7-AD4B-C7B0A86CA02C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74FA11F4-0090-419A-A9F1-4ADDEFF418AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8725833A-5E8D-4C0A-87AC-BB7517B1D3A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{89F43BF9-9E0B-4E5A-99F0-037EDD217A4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{90D9C1A0-AB23-4824-98DC-56B794BD22E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{9407C7A6-28E9-4A62-B428-6E391C1F4A3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A579E56F-3100-4BFE-9367-B3FD0959B07C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B05A11F1-90A3-4456-A298-0548024F2471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{B14E7820-643B-4DF4-B7DA-F22704599EA4}" = dir=in | app=c:\users\ken\appdata\local\temp\7zs0aea\ojprol7x00_basic_14\setup\hpznui40.exe | "{B3AEF99A-7DA2-494C-9D2C-F7583C8694B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B879B106-816E-4A7B-8F71-9F77B174C69A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BAFBCB81-81AE-4259-A286-717FD2C9C036}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{BCFBE368-30EF-4956-A4E7-DB5A7009E5F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BF91E062-086B-45BA-900A-0846D3CFF0B7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C3E24362-7D7A-4608-B803-35D1CA5FB616}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C614D8FC-F987-45D8-819C-C459C89B941D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C6E0AA11-F7F3-4461-A7A2-762E5A0DA4BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01948F8-ABAC-4E20-A8C1-73FC44FC873D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E5374116-58FA-4C1C-A751-6E92F0540FA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED221F2F-6C1C-4563-8F38-5ABD5D5669EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF4A1D0F-E42F-4606-830A-DAFA54F777A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F8C21A77-2B75-44E5-9C68-A4F1A5740A5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{FF8F9CD8-C9D6-4C5C-8A18-4260FD583B8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1581CC9A-8EB6-4748-A3F5-A121699E560A}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{35B32D36-06BF-4FCB-9658-3AC566722440}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | "TCP Query User{4B901E87-169B-4BDF-B115-BE518E7A4486}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "TCP Query User{BD0DF28B-79DE-4908-8D6F-CC55DDDEEF29}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe | "TCP Query User{C20E4016-7268-4D1A-B995-7DBBDC7DE6C9}C:\ww\wallwatcher.exe" = protocol=6 | dir=in | app=c:\ww\wallwatcher.exe | "TCP Query User{D7D9EE32-C9F3-4DD6-9573-045F3D44A259}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe | "UDP Query User{029823D4-52A8-4DAD-BC71-0E653214B4CE}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe | "UDP Query User{10C69DBC-2424-4794-A75B-94DE3B52A867}C:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe contribute cs5\app\contribute.exe | "UDP Query User{581C7CBD-5200-4D3D-A219-A17B94124878}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "UDP Query User{B46CDE0B-CDD7-4DD7-A6E5-FAF6C28F3F10}C:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CF05A3F6-C75E-4A0E-BCE9-70086D1EA901}C:\ww\wallwatcher.exe" = protocol=17 | dir=in | app=c:\ww\wallwatcher.exe | "UDP Query User{FAB1F05C-C117-4E67-816E-AF1A16E462D0}C:\program files (x86)\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006EFC7F-7958-4125-973A-788B947C9D9D}" = Lenovo SimpleTap "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}" = Symantec Encryption Desktop "{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager "{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel® PROSet/Wireless WiFi Software "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A818DAE1-EBBE-4438-B557-8115955D88E4}" = HP OfficeJet L7300/L7500/7600/7700 "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BD4F2616-B17D-4982-815F-0C78C476839F}" = EVault Software Agent "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) "30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "3C4C8BB88656F616D170176E1905526541B60FDF" = Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012) "50BEEEA1F00D30E432867EA15672212B3FB5740E" = Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0) "573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) "CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7 "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OnScreenDisplay" = On Screen Display "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "sp6" = Logitech SetPoint 6.52 "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware "{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1485CD45-F42D-46A6-9CFE-24537E481F53}" = L7000_Basic "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband "{492D6A69-BE0D-4F71-939D-A11470A207D0}" = MaaS360 Visibility Service "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA7C442-2AC2-45A9-BCD1-FF534621AAB2}" = MaaS360 Software Uninstall Utility "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-1033-0000-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026 "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery "{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent "{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = Extend360 Enforcement Agent "{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CDC08463-9303-4BF1-BF8C-E1A2ECEE3248}" = Adobe Creative Suite 5 Web Premium "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Fiddler2" = Fiddler "FileZilla Client" = FileZilla Client 3.6.0.2 "Google Chrome" = Google Chrome "huey_is1" = hueyPRO for Lenovo (Version 1.2.4.1) "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Lenovo Welcome_is1" = Lenovo Welcome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US) "Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenDNS Updater" = OpenDNS Updater 2.2.1 "SdxBlockIE" = IE Block for 9 and 10 "WallWatcher" = WallWatcherR 9 AND 1 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.8.6 (64-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Amazon Amazon Cloud Player" = Amazon Cloud Player "Dropbox" = Dropbox "JoinMe" = join.me ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:38 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:39 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:40 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:11:41 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:12:03 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 5/15/2013 9:12:04 PM | Computer Name = ESORKMASON | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4910 Invoked Function: CMainThread::reportStates Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::internalReadSocket File: .\IPC\SocketTransport.cpp Line: 1731 Invoked Function: WSARecv Return Code: 10053 (0x00002745) Description: An established connection was aborted by the software in your host machine. Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::readSocket File: .\IPC\SocketTransport.cpp Line: 853 Invoked Function: CSocketTransport::internalReadSocket Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 1226 Invoked Function: CSocketTransport::readSocket Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522806 (0xFE1F000A) Description: SOCKETTRANSPORT_ERROR_READ Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10053 (0x00002745) Description: An established connection was aborted by the software in your host machine. Error - 5/23/2013 12:45:54 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 5/23/2013 12:45:58 AM | Computer Name = ESORKMASON | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::OnCreate File: .\mainfrm.cpp Line: 362 Invoked Function: The VPN service is not responding or available. Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 5/23/2013 12:46:37 AM | Computer Name = ESORKMASON | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1089 NULL object. Cannot establish a connection at this time. [ System Events ] Error - 5/15/2013 12:52:20 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service. Error - 5/15/2013 1:38:57 PM | Computer Name = ESORKMASON | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:37:28 AM on ?5/?15/?2013 was unexpected. Error - 5/15/2013 1:39:50 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service. Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311 Description = Initialization failed because the driver device could not be created. Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error - 5/15/2013 3:44:10 PM | Computer Name = ESORKMASON | Source = NetBT | ID = 4311 Description = Initialization failed because the driver device could not be created. Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error - 5/15/2013 5:11:32 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service. Error - 5/15/2013 5:12:19 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = DCOM | ID = 10005 Description = Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. Error - 5/15/2013 9:17:51 PM | Computer Name = ESORKMASON | Source = Service Control Manager | ID = 7000 Description = The Windows Modules Installer service failed to start due to the following error: %%1053 < End of report >
  11. Computer seems to be running fine - still have those ip block alerts - although mb said trial is over so maybe that protection is no longer happening. OTL logfile created on: 5/23/2013 11:29:53 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.93 Gb Total Physical Memory | 11.62 Gb Available Physical Memory | 72.93% Memory free 31.86 Gb Paging File | 26.97 Gb Available in Paging File | 84.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.15 Gb Total Space | 104.83 Gb Free Space | 36.51% Space Free | Partition Type: NTFS Drive F: | 465.65 Gb Total Space | 275.39 Gb Free Space | 59.14% Space Free | Partition Type: FAT32 Computer Name: ESORKMASON | User Name: Ken | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe PRC - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe PRC - [2013/05/17 14:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013/04/10 14:44:20 | 005,164,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe PRC - [2013/02/01 17:19:04 | 004,195,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe PRC - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe PRC - [2013/01/11 15:29:18 | 000,024,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe PRC - [2012/11/29 14:59:32 | 008,212,480 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe PRC - [2010/12/23 00:35:38 | 000,476,160 | ---- | M] (DMT and Associates) -- C:\ww\WallWatcher.exe PRC - [2010/09/17 18:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2010/07/30 00:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe PRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe PRC - [2010/07/27 01:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe PRC - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/04/25 21:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe PRC - [2010/04/02 01:40:18 | 015,946,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe PRC - [2010/03/31 22:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe PRC - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2009/11/23 21:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2009/10/02 23:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2009/03/05 00:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe PRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe MOD - [2013/05/17 14:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll MOD - [2013/05/17 14:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll MOD - [2013/05/17 14:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll MOD - [2013/05/17 14:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll MOD - [2013/05/17 14:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll MOD - [2013/05/17 14:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/11/29 14:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe MOD - [2010/04/02 01:41:58 | 000,568,768 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\PHP_KnowledgeEngine.dll MOD - [2010/04/02 01:41:56 | 000,649,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\KnowledgeEngines\JS_KnowledgeEngine.dll MOD - [2010/04/02 01:41:12 | 005,014,464 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\flash player\authplay.dll MOD - [2010/04/02 01:41:06 | 004,350,912 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\browsers\webkit\WebKit.dll MOD - [2010/04/02 01:40:56 | 000,823,744 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Workspace.dll MOD - [2010/04/02 01:40:50 | 000,165,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\ssleay32.dll MOD - [2010/04/02 01:40:36 | 000,849,344 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\libeay32.dll MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll MOD - [2010/01/02 07:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll MOD - [2003/01/02 23:32:06 | 000,020,480 | ---- | M] () -- C:\ww\NetUtils.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/02/08 11:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2011/03/31 22:58:12 | 006,488,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\VVAgent.exe -- (EVault InfoStage Agent) SRV:64bit: - [2011/03/31 22:43:20 | 010,013,184 | ---- | M] () [Auto | Running] -- C:\Program Files\EVault Software\Agent\buagent.exe -- (EVault InfoStage BUAgent) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010/04/30 07:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV:64bit: - [2010/04/06 22:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV:64bit: - [2010/04/06 22:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2010/04/06 20:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2009/11/17 22:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009/09/29 18:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/08/11 17:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/18 11:57:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013/03/17 21:50:20 | 002,060,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten) SRV - [2013/03/17 21:46:32 | 001,824,800 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe -- (ntrtscan) SRV - [2013/03/13 01:24:26 | 000,571,928 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2013/02/01 17:19:08 | 001,589,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service) SRV - [2013/01/11 15:31:14 | 000,050,208 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost) SRV - [2012/08/08 18:26:42 | 000,918,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy) SRV - [2012/06/28 05:33:47 | 000,083,824 | R--- | M] (Storage Appliance Corp.) [Auto | Stopped] -- C:\ProgramData\OfficeGuardianV2\UACProxy.exe -- (CFUACProxy_officeguardianv2) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011/09/09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011/02/17 22:34:26 | 000,378,216 | ---- | M] (Fiberlink Communications Corp.) [Auto | Running] -- C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe -- (EMSAgent) SRV - [2010/09/17 18:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2010/09/17 18:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2010/08/24 11:30:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2010/08/24 11:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/05/02 20:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/05/02 20:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/22 13:49:08 | 002,370,632 | ---- | M] (BigFix Inc.) [On_Demand | Running] -- C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/02/10 16:40:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/28 19:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/02/01 17:19:22 | 000,378,832 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwded.sys -- (PGPwded) DRV:64bit: - [2013/02/01 17:19:22 | 000,016,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPwdefs.sys -- (Pgpwdefs) DRV:64bit: - [2013/02/01 17:19:18 | 000,052,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PGPsdk.sys -- (PGPsdkDriver) DRV:64bit: - [2013/02/01 17:19:10 | 000,274,320 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PGPdisk.sys -- (PGPdisk) DRV:64bit: - [2013/02/01 17:19:10 | 000,182,632 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\PGPfsfd.sys -- (pgpfs) DRV:64bit: - [2013/01/09 04:39:34 | 000,109,080 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2013/01/03 01:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2013/01/03 01:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013/01/03 01:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2013/01/03 01:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/11/13 19:33:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2012/10/30 11:08:48 | 000,082,840 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2012/10/30 11:08:10 | 000,065,872 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/09/09 10:00:06 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011/09/09 09:59:20 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/25 20:43:04 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/08/25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010/08/24 11:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2010/08/24 11:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2010/07/14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/06/21 23:37:38 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2010/06/20 23:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3) DRV:64bit: - [2010/04/22 01:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010/03/03 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/12/14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2009/11/17 22:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009/10/25 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009/09/29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/09/24 04:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/07/01 19:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009/06/30 20:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/06/30 20:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/06/30 20:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/29 21:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:64bit: - [2009/06/29 21:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:64bit: - [2009/06/29 20:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/28 19:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009/04/06 23:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/05/12 02:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2006/06/18 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter) DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter) DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F609AAE-4284-40F8-9C47-1B0C6F0E10C7} IE:64bit: - HKLM\..\SearchScopes\{2F609AAE-4284-40F8-9C47-1B0C6F0E10C7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC} IE - HKLM\..\SearchScopes\{F4FEE6BA-ACAD-4BAB-9373-9408C6458FDC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sodexousa.com/defaulthome IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes,DefaultScope = {D495AE69-7513-4CF9-87D3-0956F7E6D9F4} IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..\SearchScopes\{D495AE69-7513-4CF9-87D3-0956F7E6D9F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2013/03/16 09:20:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013/03/19 16:35:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/03/25 14:57:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2013/04/27 18:51:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/17 09:40:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/04/06 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions [2013/04/24 10:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013/05/22 22:23:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe () O4 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001..\Run: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe (SAC) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik) O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik) O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\PGPlsp.dll (Symantec Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\PGPlsp.dll (Symantec Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MarketConnection.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexho.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: MySodexo.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3263463438-2871500760-3022703788-1001\..Trusted Domains: Sodexo.com ([www] https in Trusted sites) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/04 10:16:00 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/23 11:26:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe [2013/05/22 21:50:12 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/05/22 20:49:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/22 20:49:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/22 20:49:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/22 20:49:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/22 20:48:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/22 20:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/05/22 19:42:55 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\mbar [2013/05/22 19:41:25 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe [2013/05/22 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/05/22 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013/05/17 09:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/05/17 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/05/17 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/05/17 09:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013/05/17 09:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013/05/15 12:04:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/05/15 12:04:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/05/15 12:04:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/05/15 12:04:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/05/15 12:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/05/15 12:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/05/15 12:04:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/05/15 12:04:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/05/15 12:04:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/05/15 12:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/05/15 12:04:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/05/15 12:04:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/05/15 12:04:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/05/15 12:04:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/05/15 12:04:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/05/15 11:02:20 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/05/15 11:02:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013/05/15 11:02:11 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/05/15 11:02:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/05/15 11:02:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/05/15 11:02:11 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/05/15 11:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013/05/14 12:16:40 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player [2013/05/14 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Amazon Cloud Player [2013/05/14 11:18:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Podcasts [2013/05/14 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013/05/14 10:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY [2013/05/14 10:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune [2013/05/14 10:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zune [2013/05/09 10:23:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013/05/09 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Malwarebytes [2013/05/09 10:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/09 10:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/09 10:09:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/09 10:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/05/09 10:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Programs [2013/05/09 07:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/05/08 16:32:00 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\gallery [2013/05/07 15:06:23 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2013/05/01 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\gtk-2.0 [2013/05/01 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Personnel [2013/05/01 10:55:17 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Network Monitor 3 [2013/05/01 10:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4 [2013/05/01 10:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3 [2013/04/30 10:59:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Wireshark [2013/04/30 10:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/04/30 10:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2013/04/30 10:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2013/04/30 09:40:56 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Fiddler2 [2013/04/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Macromedia [2013/04/27 18:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2 [2013/04/26 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Adobe [2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013/04/25 11:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Notepad++ [2013/04/25 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013/04/24 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Mozilla [2013/04/24 10:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Encryption [2013/04/24 10:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\PGP Corporation [2013/04/23 15:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2013/04/23 15:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/23 11:55:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013/05/23 11:52:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013/05/23 11:26:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe [2013/05/23 11:17:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/23 08:43:11 | 000,890,902 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe [2013/05/23 01:17:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/22 22:23:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/22 21:55:05 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/22 21:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/22 21:44:04 | 4241,096,702 | -HS- | M] () -- C:\hiberfil.sys [2013/05/22 19:41:58 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe [2013/05/22 19:37:34 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ken\Desktop\TDSSKiller.exe [2013/05/22 11:59:42 | 000,001,456 | ---- | M] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs [2013/05/21 22:31:31 | 001,635,886 | ---- | M] () -- C:\Users\Ken\Desktop\scan0070.pdf [2013/05/16 09:01:36 | 165,691,072 | ---- | M] () -- C:\Users\Ken\051513_00001_20130515175814 [2013/05/15 17:36:42 | 000,000,600 | ---- | M] () -- C:\Users\Ken\AppData\Local\PUTTY.RND [2013/05/15 12:44:18 | 007,840,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/15 12:10:03 | 000,803,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/15 12:10:03 | 000,671,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/15 12:10:03 | 000,121,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/14 10:55:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013/05/13 22:25:51 | 065,044,408 | ---- | M] () -- C:\Users\Ken\051313_00008_20130513213254 [2013/05/13 21:32:54 | 524,288,024 | ---- | M] () -- C:\Users\Ken\051313_00007_20130513193355 [2013/05/13 19:33:55 | 524,288,164 | ---- | M] () -- C:\Users\Ken\051313_00006_20130513191750 [2013/05/13 19:17:50 | 524,289,012 | ---- | M] () -- C:\Users\Ken\051313_00005_20130513190706 [2013/05/13 19:07:06 | 524,288,868 | ---- | M] () -- C:\Users\Ken\051313_00004_20130513183222 [2013/05/13 18:32:22 | 524,289,332 | ---- | M] () -- C:\Users\Ken\051313_00003_20130513175844 [2013/05/13 17:58:44 | 524,288,356 | ---- | M] () -- C:\Users\Ken\051313_00002_20130513170656 [2013/05/13 17:06:56 | 524,288,588 | ---- | M] () -- C:\Users\Ken\051313_00001_20130513162439 [2013/05/10 16:16:38 | 000,002,277 | ---- | M] () -- C:\Users\Ken\AppData\Local\recently-used.xbel [2013/05/09 10:23:48 | 899,118,561 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/05/02 06:37:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\DAC_ELIST [2013/04/29 15:57:27 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/29 15:57:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/24 18:09:16 | 001,048,576 | RHS- | M] () -- C:\PGPWDE00 [2013/04/24 18:09:04 | 004,194,304 | RHS- | M] () -- C:\PGPWDE02 [2013/04/24 10:10:55 | 000,135,198 | ---- | M] () -- C:\Windows\SysWow64\PGPlspRollback.reg [2013/04/24 10:10:54 | 000,002,477 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk [2013/04/23 16:14:26 | 000,007,609 | ---- | M] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg [1 C:\Users\Ken\*.tmp files -> C:\Users\Ken\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/23 08:43:04 | 000,890,902 | ---- | C] () -- C:\Users\Ken\Desktop\SecurityCheck.exe [2013/05/22 21:43:01 | 000,002,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk [2013/05/22 21:43:01 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Agent Assistant.lnk [2013/05/22 21:43:01 | 000,000,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wall Watcher.lnk [2013/05/22 20:49:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/22 20:49:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/22 20:49:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/22 20:49:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/05/22 20:49:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/21 22:29:32 | 001,635,886 | ---- | C] () -- C:\Users\Ken\Desktop\scan0070.pdf [2013/05/15 17:58:14 | 165,691,072 | ---- | C] () -- C:\Users\Ken\051513_00001_20130515175814 [2013/05/14 10:55:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013/05/13 21:32:54 | 065,044,408 | ---- | C] () -- C:\Users\Ken\051313_00008_20130513213254 [2013/05/13 19:33:55 | 524,288,024 | ---- | C] () -- C:\Users\Ken\051313_00007_20130513193355 [2013/05/13 19:17:50 | 524,288,164 | ---- | C] () -- C:\Users\Ken\051313_00006_20130513191750 [2013/05/13 19:07:06 | 524,289,012 | ---- | C] () -- C:\Users\Ken\051313_00005_20130513190706 [2013/05/13 18:32:22 | 524,288,868 | ---- | C] () -- C:\Users\Ken\051313_00004_20130513183222 [2013/05/13 17:58:44 | 524,289,332 | ---- | C] () -- C:\Users\Ken\051313_00003_20130513175844 [2013/05/13 17:06:56 | 524,288,356 | ---- | C] () -- C:\Users\Ken\051313_00002_20130513170656 [2013/05/13 16:24:39 | 524,288,588 | ---- | C] () -- C:\Users\Ken\051313_00001_20130513162439 [2013/05/10 16:16:38 | 000,002,277 | ---- | C] () -- C:\Users\Ken\AppData\Local\recently-used.xbel [2013/05/09 10:23:48 | 899,118,561 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013/04/30 10:39:42 | 000,001,539 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2013/04/27 18:51:31 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk [2013/04/23 16:14:26 | 000,007,609 | ---- | C] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg [2013/03/29 11:31:30 | 000,197,582 | ---- | C] () -- C:\Windows\hpwins05.dat [2013/03/29 11:31:30 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat [2013/03/27 16:46:45 | 000,787,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\PUTTY.RND [2013/03/20 15:59:24 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\PUTTY.RND [2013/03/20 14:03:32 | 000,000,600 | ---- | C] () -- C:\Users\Ken\AppData\Local\PUTTY.RND [2013/03/20 10:47:19 | 000,001,456 | ---- | C] () -- C:\Users\Ken\AppData\Local\Adobe Save for Web 12.0 Prefs [2013/02/01 17:20:34 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\PGPsdk.dll.sig ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  12. Shoot, sorry - just noticed there were two TDSS in there and don't see a way to edit the post.
  13. Ok - thanks --- TDSS --- (no threats found) 08:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34 08:48:04.0245 7580 ============================================================ 08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.0245 08:48:04.0245 7580 SystemInfo: 08:48:04.0245 7580 08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.0 08:48:04.0245 7580 Product type: Workstation 08:48:04.0245 7580 ComputerName: ESORKMASON 08:48:04.0245 7580 UserName: Ken 08:48:04.0245 7580 Windows directory: C:\Windows 08:48:04.0245 7580 System windows directory: C:\Windows 08:48:04.0245 7580 Running under WOW64 08:48:04.0245 7580 Processor architecture: Intel x64 08:48:04.0245 7580 Number of processors: 8 08:48:04.0245 7580 Page size: 0x1000 08:48:04.0245 7580 Boot type: Normal boot 08:48:04.0245 7580 ============================================================ 08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 08:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 08:48:04.0649 7580 ============================================================ 08:48:04.0649 7580 \Device\Harddisk0\DR0: 08:48:04.0649 7580 MBR partitions: 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000 08:48:04.0649 7580 \Device\Harddisk1\DR1: 08:48:04.0650 7580 MBR partitions: 08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02 08:48:04.0650 7580 ============================================================ 08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition1 08:48:04.0661 7580 ============================================================ 08:48:04.0661 7580 Initialize success 08:48:04.0661 7580 ============================================================ 08:48:06.0012 8092 ============================================================ 08:48:06.0012 8092 Scan started 08:48:06.0012 8092 Mode: Manual; 08:48:06.0012 8092 ============================================================ 08:48:06.0061 8092 ================ Scan system memory ======================== 08:48:06.0061 8092 System memory - ok 08:48:06.0061 8092 ================ Scan services ============================= 08:48:06.0096 8092 1394ohci - ok 08:48:06.0115 8092 5U877 - ok 08:48:06.0121 8092 ACPI - ok 08:48:06.0124 8092 AcpiPmi - ok 08:48:06.0144 8092 AcPrfMgrSvc - ok 08:48:06.0174 8092 acsock - ok 08:48:06.0211 8092 AcSvc - ok 08:48:06.0251 8092 adp94xx - ok 08:48:06.0256 8092 adpahci - ok 08:48:06.0260 8092 adpu320 - ok 08:48:06.0266 8092 AeLookupSvc - ok 08:48:06.0289 8092 AFD - ok 08:48:06.0293 8092 agp440 - ok 08:48:06.0298 8092 ALG - ok 08:48:06.0303 8092 aliide - ok 08:48:06.0307 8092 amdide - ok 08:48:06.0312 8092 AmdK8 - ok 08:48:06.0317 8092 AmdPPM - ok 08:48:06.0321 8092 amdsata - ok 08:48:06.0326 8092 amdsbs - ok 08:48:06.0329 8092 amdxata - ok 08:48:06.0334 8092 AppID - ok 08:48:06.0338 8092 AppIDSvc - ok 08:48:06.0351 8092 Appinfo - ok 08:48:06.0362 8092 Apple Mobile Device - ok 08:48:06.0367 8092 AppMgmt - ok 08:48:06.0485 8092 arc - ok 08:48:06.0489 8092 arcsas - ok 08:48:06.0497 8092 AsyncMac - ok 08:48:06.0502 8092 atapi - ok 08:48:06.0507 8092 AudioEndpointBuilder - ok 08:48:06.0512 8092 AudioSrv - ok 08:48:06.0523 8092 AxInstSV - ok 08:48:06.0528 8092 b06bdrv - ok 08:48:06.0532 8092 b57nd60a - ok 08:48:06.0539 8092 BBSvc - ok 08:48:06.0544 8092 BBUpdate - ok 08:48:06.0549 8092 BDESVC - ok 08:48:06.0553 8092 Beep - ok 08:48:06.0567 8092 BESClient - ok 08:48:06.0574 8092 BFE - ok 08:48:06.0578 8092 BITS - ok 08:48:06.0583 8092 blbdrive - ok 08:48:06.0587 8092 Bonjour Service - ok 08:48:06.0592 8092 bowser - ok 08:48:06.0601 8092 BrFiltLo - ok 08:48:06.0606 8092 BrFiltUp - ok 08:48:06.0617 8092 BridgeMP - ok 08:48:06.0622 8092 Browser - ok 08:48:06.0627 8092 Brserid - ok 08:48:06.0632 8092 BrSerWdm - ok 08:48:06.0638 8092 BrUsbMdm - ok 08:48:06.0642 8092 BrUsbSer - ok 08:48:06.0647 8092 BthEnum - ok 08:48:06.0651 8092 BTHMODEM - ok 08:48:06.0655 8092 BthPan - ok 08:48:06.0663 8092 BTHPORT - ok 08:48:06.0667 8092 bthserv - ok 08:48:06.0672 8092 BTHUSB - ok 08:48:06.0683 8092 btwaudio - ok 08:48:06.0696 8092 btwavdt - ok 08:48:06.0706 8092 btwdins - ok 08:48:06.0710 8092 btwl2cap - ok 08:48:06.0714 8092 btwrchid - ok 08:48:06.0717 8092 catchme - ok 08:48:06.0728 8092 CAXHWAZL - ok 08:48:06.0732 8092 cdfs - ok 08:48:06.0746 8092 cdrom - ok 08:48:06.0750 8092 CertPropSvc - ok 08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok 08:48:06.0779 8092 circlass - ok 08:48:06.0783 8092 CLFS - ok 08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok 08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok 08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok 08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok 08:48:06.0809 8092 CmBatt - ok 08:48:06.0813 8092 cmdide - ok 08:48:06.0816 8092 CNG - ok 08:48:06.0820 8092 CnxtHdAudService - ok 08:48:06.0825 8092 Compbatt - ok 08:48:06.0828 8092 CompositeBus - ok 08:48:06.0832 8092 COMSysApp - ok 08:48:06.0836 8092 crcdisk - ok 08:48:06.0841 8092 CryptSvc - ok 08:48:06.0844 8092 CSC - ok 08:48:06.0848 8092 CscService - ok 08:48:06.0853 8092 CVirtA - ok 08:48:06.0856 8092 CVPND - ok 08:48:06.0869 8092 CVPNDRVA - ok 08:48:06.0875 8092 DcomLaunch - ok 08:48:06.0878 8092 defragsvc - ok 08:48:06.0882 8092 DfsC - ok 08:48:06.0886 8092 Dhcp - ok 08:48:06.0890 8092 discache - ok 08:48:06.0894 8092 Disk - ok 08:48:06.0898 8092 DNE - ok 08:48:06.0902 8092 Dnscache - ok 08:48:06.0905 8092 dot3svc - ok 08:48:06.0908 8092 DozeSvc - ok 08:48:06.0912 8092 DPS - ok 08:48:06.0917 8092 drmkaud - ok 08:48:06.0920 8092 DXGKrnl - ok 08:48:06.0924 8092 DzHDD64 - ok 08:48:06.0942 8092 e1kexpress - ok 08:48:06.0946 8092 EapHost - ok 08:48:06.0950 8092 ebdrv - ok 08:48:06.0953 8092 EFS - ok 08:48:06.0956 8092 ehRecvr - ok 08:48:06.0959 8092 ehSched - ok 08:48:06.0963 8092 elxstor - ok 08:48:06.0973 8092 EMSAgent - ok 08:48:06.0976 8092 ErrDev - ok 08:48:06.0986 8092 EVault InfoStage Agent - ok 08:48:06.0991 8092 EVault InfoStage BUAgent - ok 08:48:06.0995 8092 EventSystem - ok 08:48:06.0999 8092 EvtEng - ok 08:48:07.0003 8092 exfat - ok 08:48:07.0006 8092 fastfat - ok 08:48:07.0010 8092 Fax - ok 08:48:07.0014 8092 fdc - ok 08:48:07.0017 8092 fdPHost - ok 08:48:07.0021 8092 FDResPub - ok 08:48:07.0025 8092 FileInfo - ok 08:48:07.0028 8092 Filetrace - ok 08:48:07.0038 8092 FLEXnet Licensing Service - ok 08:48:07.0043 8092 flpydisk - ok 08:48:07.0046 8092 FltMgr - ok 08:48:07.0050 8092 FontCache - ok 08:48:07.0054 8092 FontCache3.0.0.0 - ok 08:48:07.0058 8092 FsDepends - ok 08:48:07.0062 8092 Fs_Rec - ok 08:48:07.0065 8092 fvevol - ok 08:48:07.0069 8092 gagp30kx - ok 08:48:07.0073 8092 GEARAspiWDM - ok 08:48:07.0077 8092 gpsvc - ok 08:48:07.0081 8092 gupdate - ok 08:48:07.0085 8092 gupdatem - ok 08:48:07.0089 8092 hcw85cir - ok 08:48:07.0103 8092 HdAudAddService - ok 08:48:07.0111 8092 HDAudBus - ok 08:48:07.0115 8092 HECIx64 - ok 08:48:07.0119 8092 HidBatt - ok 08:48:07.0123 8092 HidBth - ok 08:48:07.0126 8092 HidIr - ok 08:48:07.0130 8092 hidserv - ok 08:48:07.0133 8092 HidUsb - ok 08:48:07.0137 8092 hkmsvc - ok 08:48:07.0141 8092 HomeGroupListener - ok 08:48:07.0145 8092 HomeGroupProvider - ok 08:48:07.0149 8092 HpSAMD - ok 08:48:07.0153 8092 HPSLPSVC - ok 08:48:07.0163 8092 HsfXAudioService - ok 08:48:07.0166 8092 HSF_DPV - ok 08:48:07.0170 8092 HTTP - ok 08:48:07.0173 8092 hwpolicy - ok 08:48:07.0180 8092 i8042prt - ok 08:48:07.0183 8092 iaStor - ok 08:48:07.0186 8092 iaStorV - ok 08:48:07.0190 8092 IBMPMDRV - ok 08:48:07.0193 8092 IBMPMSVC - ok 08:48:07.0197 8092 idsvc - ok 08:48:07.0200 8092 igfx - ok 08:48:07.0204 8092 iirsp - ok 08:48:07.0207 8092 IKEEXT - ok 08:48:07.0212 8092 intelide - ok 08:48:07.0224 8092 intelppm - ok 08:48:07.0226 8092 IPBusEnum - ok 08:48:07.0229 8092 IpFilterDriver - ok 08:48:07.0232 8092 iphlpsvc - ok 08:48:07.0236 8092 IPMIDRV - ok 08:48:07.0239 8092 IPNAT - ok 08:48:07.0242 8092 iPod Service - ok 08:48:07.0245 8092 IRENUM - ok 08:48:07.0248 8092 isapnp - ok 08:48:07.0251 8092 iScsiPrt - ok 08:48:07.0263 8092 IviRegMgr - ok 08:48:07.0267 8092 kbdclass - ok 08:48:07.0270 8092 kbdhid - ok 08:48:07.0273 8092 KeyIso - ok 08:48:07.0276 8092 KSecDD - ok 08:48:07.0278 8092 KSecPkg - ok 08:48:07.0281 8092 ksthunk - ok 08:48:07.0287 8092 KtmRm - ok 08:48:07.0295 8092 LanmanServer - ok 08:48:07.0298 8092 LanmanWorkstation - ok 08:48:07.0301 8092 LBTServ - ok 08:48:07.0309 8092 LENOVO.CAMMUTE - ok 08:48:07.0312 8092 LENOVO.MICMUTE - ok 08:48:07.0315 8092 lenovo.smi - ok 08:48:07.0318 8092 LENOVO.TPKNRSVC - ok 08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok 08:48:07.0325 8092 LEqdUsb - ok 08:48:07.0328 8092 LHidEqd - ok 08:48:07.0331 8092 LHidFilt - ok 08:48:07.0337 8092 lltdio - ok 08:48:07.0341 8092 lltdsvc - ok 08:48:07.0343 8092 lmhosts - ok 08:48:07.0347 8092 LMouFilt - ok 08:48:07.0350 8092 LMS - ok 08:48:07.0364 8092 LSI_FC - ok 08:48:07.0367 8092 LSI_SAS - ok 08:48:07.0370 8092 LSI_SAS2 - ok 08:48:07.0373 8092 LSI_SCSI - ok 08:48:07.0376 8092 luafv - ok 08:48:07.0390 8092 MBAMProtector - ok 08:48:07.0399 8092 MBAMScheduler - ok 08:48:07.0403 8092 MBAMService - ok 08:48:07.0406 8092 Mcx2Svc - ok 08:48:07.0409 8092 mdmxsdk - ok 08:48:07.0411 8092 megasas - ok 08:48:07.0415 8092 MegaSR - ok 08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok 08:48:07.0427 8092 MMCSS - ok 08:48:07.0430 8092 Modem - ok 08:48:07.0433 8092 monitor - ok 08:48:07.0435 8092 mouclass - ok 08:48:07.0438 8092 mouhid - ok 08:48:07.0442 8092 mountmgr - ok 08:48:07.0445 8092 MozillaMaintenance - ok 08:48:07.0448 8092 mpio - ok 08:48:07.0451 8092 mpsdrv - ok 08:48:07.0454 8092 MpsSvc - ok 08:48:07.0457 8092 MRxDAV - ok 08:48:07.0460 8092 mrxsmb - ok 08:48:07.0462 8092 mrxsmb10 - ok 08:48:07.0465 8092 mrxsmb20 - ok 08:48:07.0468 8092 msahci - ok 08:48:07.0471 8092 msdsm - ok 08:48:07.0474 8092 MSDTC - ok 08:48:07.0486 8092 Msfs - ok 08:48:07.0489 8092 mshidkmdf - ok 08:48:07.0492 8092 msisadrv - ok 08:48:07.0495 8092 MSiSCSI - ok 08:48:07.0498 8092 msiserver - ok 08:48:07.0501 8092 MSKSSRV - ok 08:48:07.0504 8092 MSPCLOCK - ok 08:48:07.0507 8092 MSPQM - ok 08:48:07.0510 8092 MsRPC - ok 08:48:07.0515 8092 mssmbios - ok 08:48:07.0517 8092 MSTEE - ok 08:48:07.0523 8092 MTConfig - ok 08:48:07.0526 8092 Mup - ok 08:48:07.0529 8092 napagent - ok 08:48:07.0532 8092 NativeWifiP - ok 08:48:07.0535 8092 NDIS - ok 08:48:07.0538 8092 NdisCap - ok 08:48:07.0544 8092 NdisTapi - ok 08:48:07.0547 8092 Ndisuio - ok 08:48:07.0550 8092 NdisWan - ok 08:48:07.0553 8092 NDProxy - ok 08:48:07.0580 8092 Net Driver HPZ12 - ok 08:48:07.0584 8092 NetBIOS - ok 08:48:07.0588 8092 NetBT - ok 08:48:07.0591 8092 Netlogon - ok 08:48:07.0644 8092 Netman - ok 08:48:07.0650 8092 netprofm - ok 08:48:07.0653 8092 NetTcpPortSharing - ok 08:48:07.0657 8092 netw5v64 - ok 08:48:07.0660 8092 NETwNs64 - ok 08:48:07.0663 8092 nfrd960 - ok 08:48:07.0666 8092 NlaSvc - ok 08:48:07.0710 8092 nm3 - ok 08:48:07.0716 8092 NPF - ok 08:48:07.0719 8092 Npfs - ok 08:48:07.0722 8092 nsi - ok 08:48:07.0725 8092 nsiproxy - ok 08:48:07.0729 8092 Ntfs - ok 08:48:07.0733 8092 ntrtscan - ok 08:48:07.0736 8092 Null - ok 08:48:07.0743 8092 nusb3hub - ok 08:48:07.0746 8092 nusb3xhc - ok 08:48:07.0758 8092 NVHDA - ok 08:48:07.0762 8092 NVIDIA Performance Driver Service - ok 08:48:07.0765 8092 nvlddmkm - ok 08:48:07.0767 8092 nvraid - ok 08:48:07.0770 8092 nvstor - ok 08:48:07.0773 8092 nvsvc - ok 08:48:07.0782 8092 nv_agp - ok 08:48:07.0785 8092 ohci1394 - ok 08:48:07.0796 8092 ose - ok 08:48:07.0800 8092 osppsvc - ok 08:48:07.0805 8092 p2pimsvc - ok 08:48:07.0807 8092 p2psvc - ok 08:48:07.0810 8092 Parport - ok 08:48:07.0813 8092 partmgr - ok 08:48:07.0816 8092 PcaSvc - ok 08:48:07.0819 8092 pci - ok 08:48:07.0821 8092 pciide - ok 08:48:07.0824 8092 pcmcia - ok 08:48:07.0827 8092 pcw - ok 08:48:07.0830 8092 PEAUTH - ok 08:48:07.0833 8092 PeerDistSvc - ok 08:48:07.0838 8092 PerfHost - ok 08:48:07.0847 8092 PGP RDD Service - ok 08:48:07.0853 8092 PGPdisk - ok 08:48:07.0856 8092 pgpfs - ok 08:48:07.0861 8092 PGPsdkDriver - ok 08:48:07.0864 8092 PGPwded - ok 08:48:07.0868 8092 Pgpwdefs - ok 08:48:07.0871 8092 pla - ok 08:48:07.0879 8092 PlugPlay - ok 08:48:07.0883 8092 Pml Driver HPZ12 - ok 08:48:07.0892 8092 pmxdrv - ok 08:48:07.0895 8092 PNRPAutoReg - ok 08:48:07.0898 8092 PNRPsvc - ok 08:48:07.0901 8092 PolicyAgent - ok 08:48:07.0905 8092 Power - ok 08:48:07.0911 8092 Power Manager DBC Service - ok 08:48:07.0914 8092 PptpMiniport - ok 08:48:07.0917 8092 Processor - ok 08:48:07.0920 8092 ProfSvc - ok 08:48:07.0924 8092 ProtectedStorage - ok 08:48:07.0927 8092 psadd - ok 08:48:07.0963 8092 Psched - ok 08:48:07.0966 8092 ql2300 - ok 08:48:07.0969 8092 ql40xx - ok 08:48:07.0973 8092 QWAVE - ok 08:48:07.0976 8092 QWAVEdrv - ok 08:48:07.0979 8092 RasAcd - ok 08:48:08.0012 8092 RasAgileVpn - ok 08:48:08.0020 8092 RasAuto - ok 08:48:08.0025 8092 Rasl2tp - ok 08:48:08.0034 8092 RasMan - ok 08:48:08.0040 8092 RasPppoe - ok 08:48:08.0043 8092 RasSstp - ok 08:48:08.0046 8092 rdbss - ok 08:48:08.0049 8092 rdpbus - ok 08:48:08.0052 8092 RDPCDD - ok 08:48:08.0056 8092 RDPDR - ok 08:48:08.0081 8092 RDPENCDD - ok 08:48:08.0086 8092 RDPREFMP - ok 08:48:08.0089 8092 RDPWD - ok 08:48:08.0092 8092 rdyboost - ok 08:48:08.0131 8092 RegSrvc - ok 08:48:08.0135 8092 RemoteAccess - ok 08:48:08.0139 8092 RemoteRegistry - ok 08:48:08.0144 8092 RFCOMM - ok 08:48:08.0151 8092 rimspci - ok 08:48:08.0167 8092 rpcapd - ok 08:48:08.0184 8092 RpcEptMapper - ok 08:48:08.0188 8092 RpcLocator - ok 08:48:08.0191 8092 RpcSs - ok 08:48:08.0194 8092 rspndr - ok 08:48:08.0197 8092 s3cap - ok 08:48:08.0200 8092 SamSs - ok 08:48:08.0202 8092 sbp2port - ok 08:48:08.0205 8092 SCardSvr - ok 08:48:08.0208 8092 scfilter - ok 08:48:08.0211 8092 Schedule - ok 08:48:08.0214 8092 SCPolicySvc - ok 08:48:08.0217 8092 sdbus - ok 08:48:08.0220 8092 SDRSVC - ok 08:48:08.0222 8092 secdrv - ok 08:48:08.0225 8092 seclogon - ok 08:48:08.0234 8092 SENS - ok 08:48:08.0243 8092 SensrSvc - ok 08:48:08.0249 8092 Serenum - ok 08:48:08.0252 8092 Serial - ok 08:48:08.0256 8092 sermouse - ok 08:48:08.0263 8092 SessionEnv - ok 08:48:08.0268 8092 sffdisk - ok 08:48:08.0271 8092 sffp_mmc - ok 08:48:08.0274 8092 sffp_sd - ok 08:48:08.0277 8092 sfloppy - ok 08:48:08.0289 8092 SharedAccess - ok 08:48:08.0292 8092 ShellHWDetection - ok 08:48:08.0295 8092 Shockprf - ok 08:48:08.0304 8092 SiSRaid2 - ok 08:48:08.0307 8092 SiSRaid4 - ok 08:48:08.0310 8092 Smb - ok 08:48:08.0313 8092 smihlp - ok 08:48:08.0320 8092 SNMPTRAP - ok 08:48:08.0322 8092 spldr - ok 08:48:08.0325 8092 Spooler - ok 08:48:08.0328 8092 sppsvc - ok 08:48:08.0332 8092 sppuinotify - ok 08:48:08.0334 8092 srv - ok 08:48:08.0337 8092 srv2 - ok 08:48:08.0344 8092 SrvHsfHDA - ok 08:48:08.0347 8092 SrvHsfV92 - ok 08:48:08.0350 8092 SrvHsfWinac - ok 08:48:08.0352 8092 srvnet - ok 08:48:08.0355 8092 SSDPSRV - ok 08:48:08.0358 8092 SstpSvc - ok 08:48:08.0361 8092 stexstor - ok 08:48:08.0364 8092 StillCam - ok 08:48:08.0367 8092 stisvc - ok 08:48:08.0370 8092 storflt - ok 08:48:08.0372 8092 StorSvc - ok 08:48:08.0375 8092 storvsc - ok 08:48:08.0378 8092 SUService - ok 08:48:08.0384 8092 svcGenericHost - ok 08:48:08.0387 8092 swenum - ok 08:48:08.0391 8092 SwitchBoard - ok 08:48:08.0394 8092 swprv - ok 08:48:08.0397 8092 SynTP - ok 08:48:08.0400 8092 SysMain - ok 08:48:08.0403 8092 TabletInputService - ok 08:48:08.0406 8092 TapiSrv - ok 08:48:08.0409 8092 TBS - ok 08:48:08.0412 8092 Tcpip - ok 08:48:08.0415 8092 TCPIP6 - ok 08:48:08.0419 8092 tcpipreg - ok 08:48:08.0424 8092 TDPIPE - ok 08:48:08.0427 8092 TDTCP - ok 08:48:08.0431 8092 tdx - ok 08:48:08.0435 8092 TermDD - ok 08:48:08.0438 8092 TermService - ok 08:48:08.0442 8092 Themes - ok 08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok 08:48:08.0450 8092 THREADORDER - ok 08:48:08.0453 8092 tmactmon - ok 08:48:08.0460 8092 TMBMServer - ok 08:48:08.0463 8092 tmcomm - ok 08:48:08.0467 8092 tmevtmgr - ok 08:48:08.0478 8092 TmFilter - ok 08:48:08.0481 8092 tmlisten - ok 08:48:08.0499 8092 TmPreFilter - ok 08:48:08.0503 8092 TmProxy - ok 08:48:08.0506 8092 tmtdi - ok 08:48:08.0518 8092 TPDIGIMN - ok 08:48:08.0520 8092 TPHDEXLGSVC - ok 08:48:08.0523 8092 TPHKSVC - ok 08:48:08.0535 8092 TPM - ok 08:48:08.0538 8092 TPPWRIF - ok 08:48:08.0541 8092 TrkWks - ok 08:48:08.0544 8092 TrustedInstaller - ok 08:48:08.0548 8092 tssecsrv - ok 08:48:08.0552 8092 TsUsbFlt - ok 08:48:08.0568 8092 tunnel - ok 08:48:08.0571 8092 TurboB - ok 08:48:08.0574 8092 TurboBoost - ok 08:48:08.0577 8092 TVT Backup Service - ok 08:48:08.0580 8092 TVTI2C - ok 08:48:08.0583 8092 uagp35 - ok 08:48:08.0586 8092 udfs - ok 08:48:08.0591 8092 UI0Detect - ok 08:48:08.0595 8092 UleadBurningHelper - ok 08:48:08.0608 8092 uliagpkx - ok 08:48:08.0611 8092 umbus - ok 08:48:08.0614 8092 UmPass - ok 08:48:08.0617 8092 UmRdpService - ok 08:48:08.0619 8092 UNS - ok 08:48:08.0623 8092 upnphost - ok 08:48:08.0630 8092 USBAAPL64 - ok 08:48:08.0633 8092 usbccgp - ok 08:48:08.0636 8092 usbcir - ok 08:48:08.0639 8092 usbehci - ok 08:48:08.0642 8092 usbhub - ok 08:48:08.0646 8092 usbohci - ok 08:48:08.0648 8092 usbprint - ok 08:48:08.0651 8092 USBSTOR - ok 08:48:08.0654 8092 usbuhci - ok 08:48:08.0665 8092 usbvideo - ok 08:48:08.0668 8092 UxSms - ok 08:48:08.0670 8092 VaultSvc - ok 08:48:08.0680 8092 vdrvroot - ok 08:48:08.0685 8092 vds - ok 08:48:08.0689 8092 vga - ok 08:48:08.0693 8092 VgaSave - ok 08:48:08.0697 8092 vhdmp - ok 08:48:08.0701 8092 viaide - ok 08:48:08.0704 8092 vmbus - ok 08:48:08.0708 8092 VMBusHID - ok 08:48:08.0712 8092 volmgr - ok 08:48:08.0716 8092 volmgrx - ok 08:48:08.0720 8092 volsnap - ok 08:48:08.0725 8092 vpnagent - ok 08:48:08.0730 8092 vpnva - ok 08:48:08.0733 8092 VSApiNt - ok 08:48:08.0738 8092 vsmraid - ok 08:48:08.0742 8092 VSS - ok 08:48:08.0746 8092 vwifibus - ok 08:48:08.0755 8092 vwififlt - ok 08:48:08.0759 8092 W32Time - ok 08:48:08.0764 8092 WacomPen - ok 08:48:08.0768 8092 WANARP - ok 08:48:08.0779 8092 Wanarpv6 - ok 08:48:08.0787 8092 WatAdminSvc - ok 08:48:08.0791 8092 wbengine - ok 08:48:08.0795 8092 WbioSrvc - ok 08:48:08.0798 8092 wcncsvc - ok 08:48:08.0802 8092 WcsPlugInService - ok 08:48:08.0806 8092 Wd - ok 08:48:08.0810 8092 Wdf01000 - ok 08:48:08.0814 8092 WdiServiceHost - ok 08:48:08.0818 8092 WdiSystemHost - ok 08:48:08.0821 8092 WebClient - ok 08:48:08.0825 8092 Wecsvc - ok 08:48:08.0829 8092 wercplsupport - ok 08:48:08.0839 8092 WerSvc - ok 08:48:08.0843 8092 WfpLwf - ok 08:48:08.0847 8092 WIMMount - ok 08:48:08.0851 8092 winachsf - ok 08:48:08.0855 8092 WinDefend - ok 08:48:08.0861 8092 WinHttpAutoProxySvc - ok 08:48:08.0865 8092 Winmgmt - ok 08:48:08.0868 8092 WinRing0_1_2_0 - ok 08:48:08.0873 8092 WinRM - ok 08:48:08.0880 8092 WinUsb - ok 08:48:08.0884 8092 Wlansvc - ok 08:48:08.0888 8092 wlcrasvc - ok 08:48:08.0891 8092 wlidsvc - ok 08:48:08.0896 8092 WmiAcpi - ok 08:48:08.0901 8092 wmiApSrv - ok 08:48:08.0905 8092 WMPNetworkSvc - ok 08:48:08.0941 8092 WMZuneComm - ok 08:48:08.0948 8092 WPCSvc - ok 08:48:08.0954 8092 WPDBusEnum - ok 08:48:08.0960 8092 ws2ifsl - ok 08:48:08.0969 8092 wscsvc - ok 08:48:08.0973 8092 WSearch - ok 08:48:08.0978 8092 wuauserv - ok 08:48:08.0981 8092 WudfPf - ok 08:48:08.0984 8092 WUDFRd - ok 08:48:08.0987 8092 wudfsvc - ok 08:48:08.0990 8092 WwanSvc - ok 08:48:08.0993 8092 XAudio - ok 08:48:08.0998 8092 ZuneNetworkSvc - ok 08:48:09.0001 8092 ZuneWlanCfgSvc - ok 08:48:09.0037 8092 ================ Scan global =============================== 08:48:09.0038 8092 [Global] - ok 08:48:09.0039 8092 ================ Scan MBR ================================== 08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR0 08:48:09.0202 8092 \Device\Harddisk0\DR0 - ok 08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1 08:48:09.0215 8092 \Device\Harddisk1\DR1 - ok 08:48:09.0216 8092 ================ Scan VBR ================================== 08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition1 08:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok 08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition2 08:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok 08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition3 08:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok 08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition1 08:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok 08:48:09.0283 8092 ============================================================ 08:48:09.0283 8092 Scan finished 08:48:09.0283 8092 ============================================================ 08:48:09.0302 8224 Detected object count: 0 08:48:09.0302 8224 Actual detected object count: 0 08:48:03.0774 7580 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34 08:48:04.0245 7580 ============================================================ 08:48:04.0245 7580 Current date / time: 2013/05/23 08:48:04.0245 08:48:04.0245 7580 SystemInfo: 08:48:04.0245 7580 08:48:04.0245 7580 OS Version: 6.1.7601 ServicePack: 1.0 08:48:04.0245 7580 Product type: Workstation 08:48:04.0245 7580 ComputerName: ESORKMASON 08:48:04.0245 7580 UserName: Ken 08:48:04.0245 7580 Windows directory: C:\Windows 08:48:04.0245 7580 System windows directory: C:\Windows 08:48:04.0245 7580 Running under WOW64 08:48:04.0245 7580 Processor architecture: Intel x64 08:48:04.0245 7580 Number of processors: 8 08:48:04.0245 7580 Page size: 0x1000 08:48:04.0245 7580 Boot type: Normal boot 08:48:04.0245 7580 ============================================================ 08:48:04.0635 7580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 08:48:04.0644 7580 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 08:48:04.0649 7580 ============================================================ 08:48:04.0649 7580 \Device\Harddisk0\DR0: 08:48:04.0649 7580 MBR partitions: 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8 08:48:04.0649 7580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000 08:48:04.0649 7580 \Device\Harddisk1\DR1: 08:48:04.0650 7580 MBR partitions: 08:48:04.0650 7580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02 08:48:04.0650 7580 ============================================================ 08:48:04.0661 7580 F: <-> \Device\Harddisk1\DR1\Partition1 08:48:04.0661 7580 ============================================================ 08:48:04.0661 7580 Initialize success 08:48:04.0661 7580 ============================================================ 08:48:06.0012 8092 ============================================================ 08:48:06.0012 8092 Scan started 08:48:06.0012 8092 Mode: Manual; 08:48:06.0012 8092 ============================================================ 08:48:06.0061 8092 ================ Scan system memory ======================== 08:48:06.0061 8092 System memory - ok 08:48:06.0061 8092 ================ Scan services ============================= 08:48:06.0096 8092 1394ohci - ok 08:48:06.0115 8092 5U877 - ok 08:48:06.0121 8092 ACPI - ok 08:48:06.0124 8092 AcpiPmi - ok 08:48:06.0144 8092 AcPrfMgrSvc - ok 08:48:06.0174 8092 acsock - ok 08:48:06.0211 8092 AcSvc - ok 08:48:06.0251 8092 adp94xx - ok 08:48:06.0256 8092 adpahci - ok 08:48:06.0260 8092 adpu320 - ok 08:48:06.0266 8092 AeLookupSvc - ok 08:48:06.0289 8092 AFD - ok 08:48:06.0293 8092 agp440 - ok 08:48:06.0298 8092 ALG - ok 08:48:06.0303 8092 aliide - ok 08:48:06.0307 8092 amdide - ok 08:48:06.0312 8092 AmdK8 - ok 08:48:06.0317 8092 AmdPPM - ok 08:48:06.0321 8092 amdsata - ok 08:48:06.0326 8092 amdsbs - ok 08:48:06.0329 8092 amdxata - ok 08:48:06.0334 8092 AppID - ok 08:48:06.0338 8092 AppIDSvc - ok 08:48:06.0351 8092 Appinfo - ok 08:48:06.0362 8092 Apple Mobile Device - ok 08:48:06.0367 8092 AppMgmt - ok 08:48:06.0485 8092 arc - ok 08:48:06.0489 8092 arcsas - ok 08:48:06.0497 8092 AsyncMac - ok 08:48:06.0502 8092 atapi - ok 08:48:06.0507 8092 AudioEndpointBuilder - ok 08:48:06.0512 8092 AudioSrv - ok 08:48:06.0523 8092 AxInstSV - ok 08:48:06.0528 8092 b06bdrv - ok 08:48:06.0532 8092 b57nd60a - ok 08:48:06.0539 8092 BBSvc - ok 08:48:06.0544 8092 BBUpdate - ok 08:48:06.0549 8092 BDESVC - ok 08:48:06.0553 8092 Beep - ok 08:48:06.0567 8092 BESClient - ok 08:48:06.0574 8092 BFE - ok 08:48:06.0578 8092 BITS - ok 08:48:06.0583 8092 blbdrive - ok 08:48:06.0587 8092 Bonjour Service - ok 08:48:06.0592 8092 bowser - ok 08:48:06.0601 8092 BrFiltLo - ok 08:48:06.0606 8092 BrFiltUp - ok 08:48:06.0617 8092 BridgeMP - ok 08:48:06.0622 8092 Browser - ok 08:48:06.0627 8092 Brserid - ok 08:48:06.0632 8092 BrSerWdm - ok 08:48:06.0638 8092 BrUsbMdm - ok 08:48:06.0642 8092 BrUsbSer - ok 08:48:06.0647 8092 BthEnum - ok 08:48:06.0651 8092 BTHMODEM - ok 08:48:06.0655 8092 BthPan - ok 08:48:06.0663 8092 BTHPORT - ok 08:48:06.0667 8092 bthserv - ok 08:48:06.0672 8092 BTHUSB - ok 08:48:06.0683 8092 btwaudio - ok 08:48:06.0696 8092 btwavdt - ok 08:48:06.0706 8092 btwdins - ok 08:48:06.0710 8092 btwl2cap - ok 08:48:06.0714 8092 btwrchid - ok 08:48:06.0717 8092 catchme - ok 08:48:06.0728 8092 CAXHWAZL - ok 08:48:06.0732 8092 cdfs - ok 08:48:06.0746 8092 cdrom - ok 08:48:06.0750 8092 CertPropSvc - ok 08:48:06.0760 8092 CFUACProxy_officeguardianv2 - ok 08:48:06.0779 8092 circlass - ok 08:48:06.0783 8092 CLFS - ok 08:48:06.0786 8092 clr_optimization_v2.0.50727_32 - ok 08:48:06.0791 8092 clr_optimization_v2.0.50727_64 - ok 08:48:06.0795 8092 clr_optimization_v4.0.30319_32 - ok 08:48:06.0800 8092 clr_optimization_v4.0.30319_64 - ok 08:48:06.0809 8092 CmBatt - ok 08:48:06.0813 8092 cmdide - ok 08:48:06.0816 8092 CNG - ok 08:48:06.0820 8092 CnxtHdAudService - ok 08:48:06.0825 8092 Compbatt - ok 08:48:06.0828 8092 CompositeBus - ok 08:48:06.0832 8092 COMSysApp - ok 08:48:06.0836 8092 crcdisk - ok 08:48:06.0841 8092 CryptSvc - ok 08:48:06.0844 8092 CSC - ok 08:48:06.0848 8092 CscService - ok 08:48:06.0853 8092 CVirtA - ok 08:48:06.0856 8092 CVPND - ok 08:48:06.0869 8092 CVPNDRVA - ok 08:48:06.0875 8092 DcomLaunch - ok 08:48:06.0878 8092 defragsvc - ok 08:48:06.0882 8092 DfsC - ok 08:48:06.0886 8092 Dhcp - ok 08:48:06.0890 8092 discache - ok 08:48:06.0894 8092 Disk - ok 08:48:06.0898 8092 DNE - ok 08:48:06.0902 8092 Dnscache - ok 08:48:06.0905 8092 dot3svc - ok 08:48:06.0908 8092 DozeSvc - ok 08:48:06.0912 8092 DPS - ok 08:48:06.0917 8092 drmkaud - ok 08:48:06.0920 8092 DXGKrnl - ok 08:48:06.0924 8092 DzHDD64 - ok 08:48:06.0942 8092 e1kexpress - ok 08:48:06.0946 8092 EapHost - ok 08:48:06.0950 8092 ebdrv - ok 08:48:06.0953 8092 EFS - ok 08:48:06.0956 8092 ehRecvr - ok 08:48:06.0959 8092 ehSched - ok 08:48:06.0963 8092 elxstor - ok 08:48:06.0973 8092 EMSAgent - ok 08:48:06.0976 8092 ErrDev - ok 08:48:06.0986 8092 EVault InfoStage Agent - ok 08:48:06.0991 8092 EVault InfoStage BUAgent - ok 08:48:06.0995 8092 EventSystem - ok 08:48:06.0999 8092 EvtEng - ok 08:48:07.0003 8092 exfat - ok 08:48:07.0006 8092 fastfat - ok 08:48:07.0010 8092 Fax - ok 08:48:07.0014 8092 fdc - ok 08:48:07.0017 8092 fdPHost - ok 08:48:07.0021 8092 FDResPub - ok 08:48:07.0025 8092 FileInfo - ok 08:48:07.0028 8092 Filetrace - ok 08:48:07.0038 8092 FLEXnet Licensing Service - ok 08:48:07.0043 8092 flpydisk - ok 08:48:07.0046 8092 FltMgr - ok 08:48:07.0050 8092 FontCache - ok 08:48:07.0054 8092 FontCache3.0.0.0 - ok 08:48:07.0058 8092 FsDepends - ok 08:48:07.0062 8092 Fs_Rec - ok 08:48:07.0065 8092 fvevol - ok 08:48:07.0069 8092 gagp30kx - ok 08:48:07.0073 8092 GEARAspiWDM - ok 08:48:07.0077 8092 gpsvc - ok 08:48:07.0081 8092 gupdate - ok 08:48:07.0085 8092 gupdatem - ok 08:48:07.0089 8092 hcw85cir - ok 08:48:07.0103 8092 HdAudAddService - ok 08:48:07.0111 8092 HDAudBus - ok 08:48:07.0115 8092 HECIx64 - ok 08:48:07.0119 8092 HidBatt - ok 08:48:07.0123 8092 HidBth - ok 08:48:07.0126 8092 HidIr - ok 08:48:07.0130 8092 hidserv - ok 08:48:07.0133 8092 HidUsb - ok 08:48:07.0137 8092 hkmsvc - ok 08:48:07.0141 8092 HomeGroupListener - ok 08:48:07.0145 8092 HomeGroupProvider - ok 08:48:07.0149 8092 HpSAMD - ok 08:48:07.0153 8092 HPSLPSVC - ok 08:48:07.0163 8092 HsfXAudioService - ok 08:48:07.0166 8092 HSF_DPV - ok 08:48:07.0170 8092 HTTP - ok 08:48:07.0173 8092 hwpolicy - ok 08:48:07.0180 8092 i8042prt - ok 08:48:07.0183 8092 iaStor - ok 08:48:07.0186 8092 iaStorV - ok 08:48:07.0190 8092 IBMPMDRV - ok 08:48:07.0193 8092 IBMPMSVC - ok 08:48:07.0197 8092 idsvc - ok 08:48:07.0200 8092 igfx - ok 08:48:07.0204 8092 iirsp - ok 08:48:07.0207 8092 IKEEXT - ok 08:48:07.0212 8092 intelide - ok 08:48:07.0224 8092 intelppm - ok 08:48:07.0226 8092 IPBusEnum - ok 08:48:07.0229 8092 IpFilterDriver - ok 08:48:07.0232 8092 iphlpsvc - ok 08:48:07.0236 8092 IPMIDRV - ok 08:48:07.0239 8092 IPNAT - ok 08:48:07.0242 8092 iPod Service - ok 08:48:07.0245 8092 IRENUM - ok 08:48:07.0248 8092 isapnp - ok 08:48:07.0251 8092 iScsiPrt - ok 08:48:07.0263 8092 IviRegMgr - ok 08:48:07.0267 8092 kbdclass - ok 08:48:07.0270 8092 kbdhid - ok 08:48:07.0273 8092 KeyIso - ok 08:48:07.0276 8092 KSecDD - ok 08:48:07.0278 8092 KSecPkg - ok 08:48:07.0281 8092 ksthunk - ok 08:48:07.0287 8092 KtmRm - ok 08:48:07.0295 8092 LanmanServer - ok 08:48:07.0298 8092 LanmanWorkstation - ok 08:48:07.0301 8092 LBTServ - ok 08:48:07.0309 8092 LENOVO.CAMMUTE - ok 08:48:07.0312 8092 LENOVO.MICMUTE - ok 08:48:07.0315 8092 lenovo.smi - ok 08:48:07.0318 8092 LENOVO.TPKNRSVC - ok 08:48:07.0321 8092 Lenovo.VIRTSCRLSVC - ok 08:48:07.0325 8092 LEqdUsb - ok 08:48:07.0328 8092 LHidEqd - ok 08:48:07.0331 8092 LHidFilt - ok 08:48:07.0337 8092 lltdio - ok 08:48:07.0341 8092 lltdsvc - ok 08:48:07.0343 8092 lmhosts - ok 08:48:07.0347 8092 LMouFilt - ok 08:48:07.0350 8092 LMS - ok 08:48:07.0364 8092 LSI_FC - ok 08:48:07.0367 8092 LSI_SAS - ok 08:48:07.0370 8092 LSI_SAS2 - ok 08:48:07.0373 8092 LSI_SCSI - ok 08:48:07.0376 8092 luafv - ok 08:48:07.0390 8092 MBAMProtector - ok 08:48:07.0399 8092 MBAMScheduler - ok 08:48:07.0403 8092 MBAMService - ok 08:48:07.0406 8092 Mcx2Svc - ok 08:48:07.0409 8092 mdmxsdk - ok 08:48:07.0411 8092 megasas - ok 08:48:07.0415 8092 MegaSR - ok 08:48:07.0417 8092 Microsoft SharePoint Workspace Audit Service - ok 08:48:07.0427 8092 MMCSS - ok 08:48:07.0430 8092 Modem - ok 08:48:07.0433 8092 monitor - ok 08:48:07.0435 8092 mouclass - ok 08:48:07.0438 8092 mouhid - ok 08:48:07.0442 8092 mountmgr - ok 08:48:07.0445 8092 MozillaMaintenance - ok 08:48:07.0448 8092 mpio - ok 08:48:07.0451 8092 mpsdrv - ok 08:48:07.0454 8092 MpsSvc - ok 08:48:07.0457 8092 MRxDAV - ok 08:48:07.0460 8092 mrxsmb - ok 08:48:07.0462 8092 mrxsmb10 - ok 08:48:07.0465 8092 mrxsmb20 - ok 08:48:07.0468 8092 msahci - ok 08:48:07.0471 8092 msdsm - ok 08:48:07.0474 8092 MSDTC - ok 08:48:07.0486 8092 Msfs - ok 08:48:07.0489 8092 mshidkmdf - ok 08:48:07.0492 8092 msisadrv - ok 08:48:07.0495 8092 MSiSCSI - ok 08:48:07.0498 8092 msiserver - ok 08:48:07.0501 8092 MSKSSRV - ok 08:48:07.0504 8092 MSPCLOCK - ok 08:48:07.0507 8092 MSPQM - ok 08:48:07.0510 8092 MsRPC - ok 08:48:07.0515 8092 mssmbios - ok 08:48:07.0517 8092 MSTEE - ok 08:48:07.0523 8092 MTConfig - ok 08:48:07.0526 8092 Mup - ok 08:48:07.0529 8092 napagent - ok 08:48:07.0532 8092 NativeWifiP - ok 08:48:07.0535 8092 NDIS - ok 08:48:07.0538 8092 NdisCap - ok 08:48:07.0544 8092 NdisTapi - ok 08:48:07.0547 8092 Ndisuio - ok 08:48:07.0550 8092 NdisWan - ok 08:48:07.0553 8092 NDProxy - ok 08:48:07.0580 8092 Net Driver HPZ12 - ok 08:48:07.0584 8092 NetBIOS - ok 08:48:07.0588 8092 NetBT - ok 08:48:07.0591 8092 Netlogon - ok 08:48:07.0644 8092 Netman - ok 08:48:07.0650 8092 netprofm - ok 08:48:07.0653 8092 NetTcpPortSharing - ok 08:48:07.0657 8092 netw5v64 - ok 08:48:07.0660 8092 NETwNs64 - ok 08:48:07.0663 8092 nfrd960 - ok 08:48:07.0666 8092 NlaSvc - ok 08:48:07.0710 8092 nm3 - ok 08:48:07.0716 8092 NPF - ok 08:48:07.0719 8092 Npfs - ok 08:48:07.0722 8092 nsi - ok 08:48:07.0725 8092 nsiproxy - ok 08:48:07.0729 8092 Ntfs - ok 08:48:07.0733 8092 ntrtscan - ok 08:48:07.0736 8092 Null - ok 08:48:07.0743 8092 nusb3hub - ok 08:48:07.0746 8092 nusb3xhc - ok 08:48:07.0758 8092 NVHDA - ok 08:48:07.0762 8092 NVIDIA Performance Driver Service - ok 08:48:07.0765 8092 nvlddmkm - ok 08:48:07.0767 8092 nvraid - ok 08:48:07.0770 8092 nvstor - ok 08:48:07.0773 8092 nvsvc - ok 08:48:07.0782 8092 nv_agp - ok 08:48:07.0785 8092 ohci1394 - ok 08:48:07.0796 8092 ose - ok 08:48:07.0800 8092 osppsvc - ok 08:48:07.0805 8092 p2pimsvc - ok 08:48:07.0807 8092 p2psvc - ok 08:48:07.0810 8092 Parport - ok 08:48:07.0813 8092 partmgr - ok 08:48:07.0816 8092 PcaSvc - ok 08:48:07.0819 8092 pci - ok 08:48:07.0821 8092 pciide - ok 08:48:07.0824 8092 pcmcia - ok 08:48:07.0827 8092 pcw - ok 08:48:07.0830 8092 PEAUTH - ok 08:48:07.0833 8092 PeerDistSvc - ok 08:48:07.0838 8092 PerfHost - ok 08:48:07.0847 8092 PGP RDD Service - ok 08:48:07.0853 8092 PGPdisk - ok 08:48:07.0856 8092 pgpfs - ok 08:48:07.0861 8092 PGPsdkDriver - ok 08:48:07.0864 8092 PGPwded - ok 08:48:07.0868 8092 Pgpwdefs - ok 08:48:07.0871 8092 pla - ok 08:48:07.0879 8092 PlugPlay - ok 08:48:07.0883 8092 Pml Driver HPZ12 - ok 08:48:07.0892 8092 pmxdrv - ok 08:48:07.0895 8092 PNRPAutoReg - ok 08:48:07.0898 8092 PNRPsvc - ok 08:48:07.0901 8092 PolicyAgent - ok 08:48:07.0905 8092 Power - ok 08:48:07.0911 8092 Power Manager DBC Service - ok 08:48:07.0914 8092 PptpMiniport - ok 08:48:07.0917 8092 Processor - ok 08:48:07.0920 8092 ProfSvc - ok 08:48:07.0924 8092 ProtectedStorage - ok 08:48:07.0927 8092 psadd - ok 08:48:07.0963 8092 Psched - ok 08:48:07.0966 8092 ql2300 - ok 08:48:07.0969 8092 ql40xx - ok 08:48:07.0973 8092 QWAVE - ok 08:48:07.0976 8092 QWAVEdrv - ok 08:48:07.0979 8092 RasAcd - ok 08:48:08.0012 8092 RasAgileVpn - ok 08:48:08.0020 8092 RasAuto - ok 08:48:08.0025 8092 Rasl2tp - ok 08:48:08.0034 8092 RasMan - ok 08:48:08.0040 8092 RasPppoe - ok 08:48:08.0043 8092 RasSstp - ok 08:48:08.0046 8092 rdbss - ok 08:48:08.0049 8092 rdpbus - ok 08:48:08.0052 8092 RDPCDD - ok 08:48:08.0056 8092 RDPDR - ok 08:48:08.0081 8092 RDPENCDD - ok 08:48:08.0086 8092 RDPREFMP - ok 08:48:08.0089 8092 RDPWD - ok 08:48:08.0092 8092 rdyboost - ok 08:48:08.0131 8092 RegSrvc - ok 08:48:08.0135 8092 RemoteAccess - ok 08:48:08.0139 8092 RemoteRegistry - ok 08:48:08.0144 8092 RFCOMM - ok 08:48:08.0151 8092 rimspci - ok 08:48:08.0167 8092 rpcapd - ok 08:48:08.0184 8092 RpcEptMapper - ok 08:48:08.0188 8092 RpcLocator - ok 08:48:08.0191 8092 RpcSs - ok 08:48:08.0194 8092 rspndr - ok 08:48:08.0197 8092 s3cap - ok 08:48:08.0200 8092 SamSs - ok 08:48:08.0202 8092 sbp2port - ok 08:48:08.0205 8092 SCardSvr - ok 08:48:08.0208 8092 scfilter - ok 08:48:08.0211 8092 Schedule - ok 08:48:08.0214 8092 SCPolicySvc - ok 08:48:08.0217 8092 sdbus - ok 08:48:08.0220 8092 SDRSVC - ok 08:48:08.0222 8092 secdrv - ok 08:48:08.0225 8092 seclogon - ok 08:48:08.0234 8092 SENS - ok 08:48:08.0243 8092 SensrSvc - ok 08:48:08.0249 8092 Serenum - ok 08:48:08.0252 8092 Serial - ok 08:48:08.0256 8092 sermouse - ok 08:48:08.0263 8092 SessionEnv - ok 08:48:08.0268 8092 sffdisk - ok 08:48:08.0271 8092 sffp_mmc - ok 08:48:08.0274 8092 sffp_sd - ok 08:48:08.0277 8092 sfloppy - ok 08:48:08.0289 8092 SharedAccess - ok 08:48:08.0292 8092 ShellHWDetection - ok 08:48:08.0295 8092 Shockprf - ok 08:48:08.0304 8092 SiSRaid2 - ok 08:48:08.0307 8092 SiSRaid4 - ok 08:48:08.0310 8092 Smb - ok 08:48:08.0313 8092 smihlp - ok 08:48:08.0320 8092 SNMPTRAP - ok 08:48:08.0322 8092 spldr - ok 08:48:08.0325 8092 Spooler - ok 08:48:08.0328 8092 sppsvc - ok 08:48:08.0332 8092 sppuinotify - ok 08:48:08.0334 8092 srv - ok 08:48:08.0337 8092 srv2 - ok 08:48:08.0344 8092 SrvHsfHDA - ok 08:48:08.0347 8092 SrvHsfV92 - ok 08:48:08.0350 8092 SrvHsfWinac - ok 08:48:08.0352 8092 srvnet - ok 08:48:08.0355 8092 SSDPSRV - ok 08:48:08.0358 8092 SstpSvc - ok 08:48:08.0361 8092 stexstor - ok 08:48:08.0364 8092 StillCam - ok 08:48:08.0367 8092 stisvc - ok 08:48:08.0370 8092 storflt - ok 08:48:08.0372 8092 StorSvc - ok 08:48:08.0375 8092 storvsc - ok 08:48:08.0378 8092 SUService - ok 08:48:08.0384 8092 svcGenericHost - ok 08:48:08.0387 8092 swenum - ok 08:48:08.0391 8092 SwitchBoard - ok 08:48:08.0394 8092 swprv - ok 08:48:08.0397 8092 SynTP - ok 08:48:08.0400 8092 SysMain - ok 08:48:08.0403 8092 TabletInputService - ok 08:48:08.0406 8092 TapiSrv - ok 08:48:08.0409 8092 TBS - ok 08:48:08.0412 8092 Tcpip - ok 08:48:08.0415 8092 TCPIP6 - ok 08:48:08.0419 8092 tcpipreg - ok 08:48:08.0424 8092 TDPIPE - ok 08:48:08.0427 8092 TDTCP - ok 08:48:08.0431 8092 tdx - ok 08:48:08.0435 8092 TermDD - ok 08:48:08.0438 8092 TermService - ok 08:48:08.0442 8092 Themes - ok 08:48:08.0446 8092 ThinkVantage Registry Monitor Service - ok 08:48:08.0450 8092 THREADORDER - ok 08:48:08.0453 8092 tmactmon - ok 08:48:08.0460 8092 TMBMServer - ok 08:48:08.0463 8092 tmcomm - ok 08:48:08.0467 8092 tmevtmgr - ok 08:48:08.0478 8092 TmFilter - ok 08:48:08.0481 8092 tmlisten - ok 08:48:08.0499 8092 TmPreFilter - ok 08:48:08.0503 8092 TmProxy - ok 08:48:08.0506 8092 tmtdi - ok 08:48:08.0518 8092 TPDIGIMN - ok 08:48:08.0520 8092 TPHDEXLGSVC - ok 08:48:08.0523 8092 TPHKSVC - ok 08:48:08.0535 8092 TPM - ok 08:48:08.0538 8092 TPPWRIF - ok 08:48:08.0541 8092 TrkWks - ok 08:48:08.0544 8092 TrustedInstaller - ok 08:48:08.0548 8092 tssecsrv - ok 08:48:08.0552 8092 TsUsbFlt - ok 08:48:08.0568 8092 tunnel - ok 08:48:08.0571 8092 TurboB - ok 08:48:08.0574 8092 TurboBoost - ok 08:48:08.0577 8092 TVT Backup Service - ok 08:48:08.0580 8092 TVTI2C - ok 08:48:08.0583 8092 uagp35 - ok 08:48:08.0586 8092 udfs - ok 08:48:08.0591 8092 UI0Detect - ok 08:48:08.0595 8092 UleadBurningHelper - ok 08:48:08.0608 8092 uliagpkx - ok 08:48:08.0611 8092 umbus - ok 08:48:08.0614 8092 UmPass - ok 08:48:08.0617 8092 UmRdpService - ok 08:48:08.0619 8092 UNS - ok 08:48:08.0623 8092 upnphost - ok 08:48:08.0630 8092 USBAAPL64 - ok 08:48:08.0633 8092 usbccgp - ok 08:48:08.0636 8092 usbcir - ok 08:48:08.0639 8092 usbehci - ok 08:48:08.0642 8092 usbhub - ok 08:48:08.0646 8092 usbohci - ok 08:48:08.0648 8092 usbprint - ok 08:48:08.0651 8092 USBSTOR - ok 08:48:08.0654 8092 usbuhci - ok 08:48:08.0665 8092 usbvideo - ok 08:48:08.0668 8092 UxSms - ok 08:48:08.0670 8092 VaultSvc - ok 08:48:08.0680 8092 vdrvroot - ok 08:48:08.0685 8092 vds - ok 08:48:08.0689 8092 vga - ok 08:48:08.0693 8092 VgaSave - ok 08:48:08.0697 8092 vhdmp - ok 08:48:08.0701 8092 viaide - ok 08:48:08.0704 8092 vmbus - ok 08:48:08.0708 8092 VMBusHID - ok 08:48:08.0712 8092 volmgr - ok 08:48:08.0716 8092 volmgrx - ok 08:48:08.0720 8092 volsnap - ok 08:48:08.0725 8092 vpnagent - ok 08:48:08.0730 8092 vpnva - ok 08:48:08.0733 8092 VSApiNt - ok 08:48:08.0738 8092 vsmraid - ok 08:48:08.0742 8092 VSS - ok 08:48:08.0746 8092 vwifibus - ok 08:48:08.0755 8092 vwififlt - ok 08:48:08.0759 8092 W32Time - ok 08:48:08.0764 8092 WacomPen - ok 08:48:08.0768 8092 WANARP - ok 08:48:08.0779 8092 Wanarpv6 - ok 08:48:08.0787 8092 WatAdminSvc - ok 08:48:08.0791 8092 wbengine - ok 08:48:08.0795 8092 WbioSrvc - ok 08:48:08.0798 8092 wcncsvc - ok 08:48:08.0802 8092 WcsPlugInService - ok 08:48:08.0806 8092 Wd - ok 08:48:08.0810 8092 Wdf01000 - ok 08:48:08.0814 8092 WdiServiceHost - ok 08:48:08.0818 8092 WdiSystemHost - ok 08:48:08.0821 8092 WebClient - ok 08:48:08.0825 8092 Wecsvc - ok 08:48:08.0829 8092 wercplsupport - ok 08:48:08.0839 8092 WerSvc - ok 08:48:08.0843 8092 WfpLwf - ok 08:48:08.0847 8092 WIMMount - ok 08:48:08.0851 8092 winachsf - ok 08:48:08.0855 8092 WinDefend - ok 08:48:08.0861 8092 WinHttpAutoProxySvc - ok 08:48:08.0865 8092 Winmgmt - ok 08:48:08.0868 8092 WinRing0_1_2_0 - ok 08:48:08.0873 8092 WinRM - ok 08:48:08.0880 8092 WinUsb - ok 08:48:08.0884 8092 Wlansvc - ok 08:48:08.0888 8092 wlcrasvc - ok 08:48:08.0891 8092 wlidsvc - ok 08:48:08.0896 8092 WmiAcpi - ok 08:48:08.0901 8092 wmiApSrv - ok 08:48:08.0905 8092 WMPNetworkSvc - ok 08:48:08.0941 8092 WMZuneComm - ok 08:48:08.0948 8092 WPCSvc - ok 08:48:08.0954 8092 WPDBusEnum - ok 08:48:08.0960 8092 ws2ifsl - ok 08:48:08.0969 8092 wscsvc - ok 08:48:08.0973 8092 WSearch - ok 08:48:08.0978 8092 wuauserv - ok 08:48:08.0981 8092 WudfPf - ok 08:48:08.0984 8092 WUDFRd - ok 08:48:08.0987 8092 wudfsvc - ok 08:48:08.0990 8092 WwanSvc - ok 08:48:08.0993 8092 XAudio - ok 08:48:08.0998 8092 ZuneNetworkSvc - ok 08:48:09.0001 8092 ZuneWlanCfgSvc - ok 08:48:09.0037 8092 ================ Scan global =============================== 08:48:09.0038 8092 [Global] - ok 08:48:09.0039 8092 ================ Scan MBR ================================== 08:48:09.0060 8092 [ CDAD75D3EC5E1B28A473CCFC6744F488 ] \Device\Harddisk0\DR0 08:48:09.0202 8092 \Device\Harddisk0\DR0 - ok 08:48:09.0207 8092 [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1 08:48:09.0215 8092 \Device\Harddisk1\DR1 - ok 08:48:09.0216 8092 ================ Scan VBR ================================== 08:48:09.0230 8092 [ FE19E7DA9B62030FC3AFD08FA6B0AF8B ] \Device\Harddisk0\DR0\Partition1 08:48:09.0230 8092 \Device\Harddisk0\DR0\Partition1 - ok 08:48:09.0244 8092 [ 405733900A3B9D5FE0A587752BB69B6E ] \Device\Harddisk0\DR0\Partition2 08:48:09.0244 8092 \Device\Harddisk0\DR0\Partition2 - ok 08:48:09.0274 8092 [ 6E867FD1EBEA65EEE887B8FFE2138BC7 ] \Device\Harddisk0\DR0\Partition3 08:48:09.0275 8092 \Device\Harddisk0\DR0\Partition3 - ok 08:48:09.0280 8092 [ 27A125B82848D7DE4BC0F6772A187D22 ] \Device\Harddisk1\DR1\Partition1 08:48:09.0282 8092 \Device\Harddisk1\DR1\Partition1 - ok 08:48:09.0283 8092 ============================================================ 08:48:09.0283 8092 Scan finished 08:48:09.0283 8092 ============================================================ 08:48:09.0302 8224 Detected object count: 0 08:48:09.0302 8224 Actual detected object count: 0 ---COMBOFIX--- ComboFix 13-05-22.01 - Ken 05/22/2013 21:53:16.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.13440 [GMT -7:00] Running from: c:\users\Ken\Desktop\ComboFix.exe AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 ))))))))))))))))))))))))))))))) . . 2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Sodexo\AppData\Local\temp 2013-05-23 05:12 . 2013-05-23 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-23 04:55 . 2013-05-23 04:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\offreg.dll 2013-05-22 20:11 . 2013-05-22 20:11 -------- d-----w- c:\program files (x86)\7-Zip 2013-05-21 10:02 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FC2F7BB-844B-4475-A04F-90803C6E8D66}\mpengine.dll 2013-05-17 16:46 . 2013-05-17 16:46 -------- d-----w- c:\program files\iPod 2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files\iTunes 2013-05-17 16:46 . 2013-05-17 16:47 -------- d-----w- c:\program files (x86)\iTunes 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-17 16:40 . 2013-05-17 16:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-05-17 16:40 . 2013-05-17 16:40 -------- d-----w- c:\program files (x86)\QuickTime 2013-05-15 19:06 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 19:06 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-15 19:06 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-15 18:02 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 18:02 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 18:02 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 18:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 18:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 18:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 18:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 18:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 18:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 18:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 18:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 18:01 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-14 19:16 . 2013-05-14 19:17 -------- d-----w- c:\users\Ken\AppData\Local\Amazon Cloud Player 2013-05-14 18:18 . 2013-05-15 19:46 -------- d-----r- c:\users\Ken\Podcasts 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2013-05-14 17:56 . 2013-05-14 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES 2013-05-14 17:55 . 2013-05-14 17:55 -------- d-----w- c:\windows\system32\ms-MY 2013-05-14 17:55 . 2013-05-14 17:57 -------- d-----w- c:\program files\Zune 2013-05-09 18:02 . 2013-05-09 18:02 -------- d-----w- c:\users\Ken\467D5E81834948929E81C3674ED8E451.TMP 2013-05-09 17:10 . 2013-05-09 17:10 -------- d-----w- c:\users\Ken\AppData\Roaming\Malwarebytes 2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\programdata\Malwarebytes 2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-09 17:09 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-09 17:09 . 2013-05-09 17:09 -------- d-----w- c:\users\Ken\AppData\Local\Programs 2013-05-09 14:53 . 2013-05-09 15:06 -------- d-----w- c:\programdata\HitmanPro 2013-05-07 22:06 . 2013-05-07 22:06 119808 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2013-05-02 04:34 . 2013-05-10 20:56 -------- d-----w- c:\users\Ken\AppData\Local\gtk-2.0 2013-05-01 17:52 . 2013-05-01 17:52 -------- d-----w- c:\program files\Microsoft Network Monitor 3 2013-04-30 17:59 . 2013-05-09 22:27 -------- d-----w- c:\users\Ken\AppData\Roaming\Wireshark 2013-04-30 17:45 . 2013-04-30 17:45 -------- d-----w- c:\program files (x86)\WinPcap 2013-04-30 17:39 . 2013-04-30 17:45 -------- d-----w- c:\program files\Wireshark 2013-04-29 22:58 . 2013-04-29 22:58 -------- d-----w- c:\users\Ken\AppData\Local\Macromedia 2013-04-28 01:51 . 2013-04-28 01:51 -------- d-----w- c:\program files (x86)\Fiddler2 2013-04-25 18:51 . 2013-04-25 19:01 -------- d-----w- c:\users\Ken\AppData\Roaming\Notepad++ 2013-04-25 18:51 . 2013-04-25 18:51 -------- d-----w- c:\program files (x86)\Notepad++ 2013-04-24 17:34 . 2013-04-24 17:34 -------- d-----w- c:\users\Ken\AppData\Local\Mozilla 2013-04-24 17:34 . 2013-04-10 06:58 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2013-04-24 17:34 . 2013-04-10 06:58 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-24 17:10 . 2013-04-24 17:10 -------- d-----w- c:\program files\PGP Corporation 2013-04-24 16:29 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-23 22:32 . 2013-04-23 22:32 -------- d-----w- c:\program files\CPUID . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-17 17:12 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-15 19:13 . 2013-03-16 13:57 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-02 09:06 . 2013-03-16 05:51 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-29 22:57 . 2013-04-19 02:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-29 22:57 . 2013-04-19 02:55 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-24 17:10 . 2013-03-16 15:49 135198 ----a-w- c:\windows\SysWow64\PGPlspRollback.reg 2013-04-13 05:49 . 2013-05-15 18:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 18:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 18:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 18:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 18:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 18:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-26 16:35 . 2013-03-26 16:36 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-26 16:35 . 2013-03-26 16:36 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-25 21:58 . 2013-03-25 21:58 53248 ----a-r- c:\users\Ken\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2013-03-25 21:57 . 2013-03-25 21:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-03-19 06:04 . 2013-04-10 08:07 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 08:07 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 08:07 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 08:07 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 08:07 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 08:07 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-18 07:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-03-18 07:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-16 06:31 . 2013-03-16 06:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-16 06:31 . 2013-03-16 06:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-16 06:31 . 2013-03-16 06:31 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-16 06:31 . 2013-03-16 06:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-16 06:31 . 2013-03-16 06:31 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-03-16 06:31 . 2013-03-16 06:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-16 06:31 . 2013-03-16 06:31 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-03-16 06:31 . 2013-03-16 06:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-16 06:31 . 2013-03-16 06:31 222208 ----a-w- c:\windows\system32\msls31.dll 2013-03-16 06:31 . 2013-03-16 06:31 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-16 06:31 . 2013-03-16 06:31 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-03-16 06:31 . 2013-03-16 06:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-16 06:31 . 2013-03-16 06:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-16 06:31 . 2013-03-16 06:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-16 06:31 . 2013-03-16 06:31 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-16 06:31 . 2013-03-16 06:31 12288 ----a-w- c:\windows\system32\mshta.exe 2013-03-16 06:31 . 2013-03-16 06:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-16 06:31 . 2013-03-16 06:31 114176 ----a-w- c:\windows\system32\admparse.dll 2013-03-16 06:31 . 2013-03-16 06:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-16 06:31 . 2013-03-16 06:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-03-16 06:31 . 2013-03-16 06:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-16 06:31 . 2013-03-16 06:31 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-16 06:31 . 2013-03-16 06:31 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-03-16 06:31 . 2013-03-16 06:31 82432 ----a-w- c:\windows\system32\icardie.dll 2013-03-16 06:31 . 2013-03-16 06:31 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-03-16 06:31 . 2013-03-16 06:31 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-16 06:31 . 2013-03-16 06:31 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-16 06:31 . 2013-03-16 06:31 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-03-16 06:31 . 2013-03-16 06:31 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-16 06:31 . 2013-03-16 06:31 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-16 06:31 . 2013-03-16 06:31 448512 ----a-w- c:\windows\system32\html.iec 2013-03-16 06:31 . 2013-03-16 06:31 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-16 06:31 . 2013-03-16 06:31 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-16 06:31 . 2013-03-16 06:31 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-16 06:31 . 2013-03-16 06:31 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-16 06:31 . 2013-03-16 06:31 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-16 06:31 . 2013-03-16 06:31 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-03-16 06:31 . 2013-03-16 06:31 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\wextract.exe 2013-03-16 06:31 . 2013-03-16 06:31 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-03-16 06:31 . 2013-03-16 06:31 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-03-16 06:31 . 2013-03-16 06:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-16 06:31 . 2013-03-16 06:31 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-16 06:31 . 2013-03-16 06:31 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-16 06:31 . 2013-03-16 06:31 103936 ----a-w- c:\windows\system32\inseng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2013-02-02 00:18 1196640 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SacReminderHDDV2"="c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe" [2012-06-28 464752] "OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680] "Amazon Cloud Player"="c:\users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-05-10 3086656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832] "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-03-19 2112536] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152] "Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Agent Assistant.lnk - c:\program files\EVault Software\Agent Assistant\Maestro.exe [2011-2-17 286720] PGP Tray.lnk - c:\windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe [N/A] Wall Watcher.lnk - c:\ww\WallWatcher.exe [2013-3-17 476160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [2012-06-28 83824] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-24 164200] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-02-26 31152] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-16 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Ken\Downloads\RealTemp_370\WinRing0x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-08-24 30320] S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2013-02-02 182632] S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [2013-02-02 16320] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-06-16 23664] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400] S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-10 46392] S2 EMSAgent;Maas360 Visibility Service;c:\program files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-02-18 378216] S2 EVault InfoStage Agent;EVault Software Agent;c:\program files\EVault Software\Agent\VVAgent.exe [2011-04-01 6488576] S2 EVault InfoStage BUAgent;EVault Software BUAgent;c:\program files\EVault Software\Agent\buagent.exe [2011-04-01 10013184] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800] S2 PGP RDD Service;PGP RDD Service;c:\program files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-02-02 1589528] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-01-11 50208] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088] S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-09-09 106408] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-06-22 295088] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2013-01-03 79240] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2013-01-03 15752] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 65872] S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-09 918064] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-21 18:17 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05] . 2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 20:05] . 2013-05-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34] . 2013-05-23 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible] @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}" [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}] 2013-02-02 00:19 1983024 ----a-w- c:\windows\System32\PGPfsshl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "TpShocks"="TpShocks.exe" [2010-07-02 380776] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.sodexousa.com/defaulthome mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\PGPlsp.dll Trusted Zone: MarketConnection.com Trusted Zone: MarketConnection.com\www Trusted Zone: MySodexho.com Trusted Zone: MySodexho.com\www Trusted Zone: MySodexo.com Trusted Zone: MySodexo.com\www Trusted Zone: Sodexo.com Trusted Zone: Sodexo.com\www TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F}: NameServer = 8.8.8.8,8.8.4.4 DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\ FF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt FF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; c:\program files (x86)\Fiddler2\FiddlerHook . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-22 22:38:35 ComboFix-quarantined-files.txt 2013-05-23 05:38 ComboFix2.txt 2013-05-23 04:29 . Pre-Run: 112,818,311,168 bytes free Post-Run: 112,736,075,776 bytes free . - - End Of File - - EEF08E3A9F09CBB82076FED08D748DFE
  14. Hi DFB, Thanks for the welcome and thank you very much for evaluating the logs. I discovered during the scans that perhaps I am going to have to reinstall the OS - MBAR was unable to complete because corruption or encryption - I'm guessing the latter as the comp is running pgp. Then I couldn't turn off trend micro (pw req'd) so it alerted during combofix. If you think there's still an opportunity to proceed, I'll happily oblige. Otherwise I'd hate to use any further of your's and the community's time. Again, thanks for your help - even if ends here, I appreciate it.
  15. Hi there - comp was recently re-imaged due to MBR problem and had trend micro alert that some access to a website was blocked so installed malwarebytes to check it out, but came up empty. Malwarebytes is alerting that outgoing traffic is being blocked (e.g., IP-BLOCK 60.173.8.247 (Type: outgoing, Port: 137)) Thanks for your assistance! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 Run by Ken at 10:38:00 on 2013-05-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16316.10483 [GMT -7:00] . AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\WUDFHost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\OfficeGuardianV2\UACProxy.exe C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe C:\Program Files\EVault Software\Agent\VVAgent.exe C:\Program Files\EVault Software\Agent\buagent.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\Windows\system32\taskhost.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe C:\Program Files\EVault Software\Agent Assistant\Maestro.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Windows\system32\rundll32.exe C:\Program Files\Lenovo\SimpleTap\GestureLauncher.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe C:\ww\WallWatcher.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe c:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe C:\Windows\system32\notepad.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\sysWow64\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.sodexousa.com/defaulthome uDefault_Page_URL = hxxp://lenovo.msn.com mWinlogon: Userinit = userinit.exe BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart uRun: [sacReminderHDDV2] C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe uRun: [Amazon Cloud Player] C:\Users\Ken\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AGENTA~1.LNK - C:\Program Files\EVault Software\Agent Assistant\Maestro.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{3F32670E-45AE-4B23-AE86-CB21FAF19DDF}\Icon6560581611.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WALLWA~1.LNK - C:\ww\WallWatcher.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: dontdisplaylastusername = dword:1 IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll LSP: C:\Windows\System32\PGPlsp.dll Trusted Zone: MarketConnection.com Trusted Zone: MySodexho.com Trusted Zone: MySodexo.com Trusted Zone: Sodexo.com DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - vpnweb.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{DB9C2C14-351E-4EA1-AE5B-53CE461ECF3F} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= PGPmapih.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina PGPpwflt mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging -- system-level --multi-install --chrome x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe x64-Run: [TpShocks] TpShocks.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 107.21.133.199 example.sodexomyway.tahzoo.net ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\20fk60vm.default\ FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-03-25 14:57; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF - ExtSQL: 2013-04-27 18:51; fiddlerhook@fiddler2.com; C:\Program Files (x86)\Fiddler2\FiddlerHook . ============= SERVICES / DRIVERS =============== . R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2011-2-25 30320] R0 pgpfs;PGP File Sharing;C:\Windows\System32\drivers\PGPfsfd.sys [2013-2-1 182632] R0 Pgpwdefs;Pgpwdefs;C:\Windows\System32\drivers\PGPwdefs.sys [2013-2-1 16320] R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-7-30 15400] R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392] R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;C:\ProgramData\OfficeGuardianV2\UACProxy.exe [2013-3-27 83824] R2 EMSAgent;Maas360 Visibility Service;C:\Program Files (x86)\MaaS360\MaaS360 Visibility Service\EMSAgent.exe [2011-2-17 378216] R2 EVault InfoStage Agent;EVault Software Agent;C:\Program Files\EVault Software\Agent\VVAgent.exe [2011-3-31 6488576] R2 EVault InfoStage BUAgent;EVault Software BUAgent;C:\Program Files\EVault Software\Agent\buagent.exe [2011-3-31 10013184] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-2-25 50536] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-7-30 45496] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-2-25 74088] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-9 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-9 701512] R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800] R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2013-2-1 1589528] R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-2-25 61952] R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840] R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-1-11 50208] R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-7-17 344376] R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2012-7-17 42808] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-7-30 63928] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-25 2533400] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-9-9 475088] R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-9-9 106408] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-2-25 292864] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-2-25 295088] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-25 56344] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-9 25928] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224] R3 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-3-17 65872] R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-8-8 918064] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-10-8 41536] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-2-25 163072] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-25 35104] S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-2-25 164200] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-2-25 31152] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-2-25 75112] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-17 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-16 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-05-18 07:41:15 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\offreg.dll 2013-05-17 16:46:45 -------- d-----w- C:\Program Files\iPod 2013-05-17 16:46:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-05-17 16:46:44 -------- d-----w- C:\Program Files\iTunes 2013-05-17 16:46:44 -------- d-----w- C:\Program Files (x86)\iTunes 2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-05-17 16:40:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-17 16:40:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-05-17 12:32:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5741861F-D98B-483A-B16A-5FC9FD903EC3}\mpengine.dll 2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-15 19:06:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-15 18:02:20 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-15 18:02:20 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-15 18:02:20 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-15 18:02:11 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-15 18:02:11 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-15 18:02:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-15 18:02:11 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-15 18:01:43 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-05-15 18:01:43 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-05-15 18:01:42 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-05-14 19:16:35 -------- d-----w- C:\Users\Ken\AppData\Local\Amazon Cloud Player 2013-05-14 18:18:28 -------- d-----r- C:\Users\Ken\Podcasts 2013-05-14 17:56:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN 2013-05-14 17:56:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP 2013-05-14 17:56:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR 2013-05-14 17:56:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT 2013-05-14 17:56:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL 2013-05-14 17:56:48 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT 2013-05-14 17:56:46 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE 2013-05-14 17:56:44 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR 2013-05-14 17:56:42 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES 2013-05-14 17:55:52 -------- d-----w- C:\Windows\System32\ms-MY 2013-05-09 18:02:33 -------- d-----w- C:\Users\Ken\467D5E81834948929E81C3674ED8E451.TMP 2013-05-09 17:10:04 -------- d-----w- C:\Users\Ken\AppData\Roaming\Malwarebytes 2013-05-09 17:09:39 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-09 17:09:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-09 17:09:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-09 17:09:22 -------- d-----w- C:\Users\Ken\AppData\Local\Programs 2013-05-09 14:53:40 -------- d-----w- C:\ProgramData\HitmanPro 2013-05-07 22:06:23 119808 ----a-r- C:\Users\Ken\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2013-05-02 04:34:20 -------- d-----w- C:\Users\Ken\AppData\Local\gtk-2.0 2013-05-01 17:52:58 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3 2013-04-30 17:59:28 -------- d-----w- C:\Users\Ken\AppData\Roaming\Wireshark 2013-04-30 17:45:21 -------- d-----w- C:\Program Files (x86)\WinPcap 2013-04-30 17:39:18 -------- d-----w- C:\Program Files\Wireshark 2013-04-29 22:58:46 -------- d-----w- C:\Users\Ken\AppData\Local\Macromedia 2013-04-28 01:51:30 -------- d-----w- C:\Program Files (x86)\Fiddler2 2013-04-24 17:34:59 -------- d-----w- C:\Users\Ken\AppData\Local\Mozilla 2013-04-24 17:34:49 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2013-04-24 17:34:45 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-04-24 17:10:43 -------- d-----w- C:\Program Files\PGP Corporation 2013-04-24 16:29:47 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-23 22:32:35 -------- d-----w- C:\Program Files\CPUID . ==================== Find3M ==================== . 2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-29 22:57:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-29 22:57:27 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-24 17:10:55 135198 ----a-w- C:\Windows\SysWow64\PGPlspRollback.reg 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-03-26 16:35:41 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-26 16:35:41 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-25 21:57:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-18 07:49:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2013-03-18 07:49:32 175616 ----a-w- C:\Windows\System32\msclmd.dll . ============= FINISH: 10:39:15.07 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/8/2011 9:42:04 AM System Uptime: 5/17/2013 10:09:59 AM (72 hours ago) . Motherboard: LENOVO | | 43192RU Processor: Intel® Core i7 CPU Q 820 @ 1.73GHz | None | 1734/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 287 GiB total, 102.129 GiB free. D: is CDROM () F: is FIXED (FAT32) - 466 GiB total, 262.018 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet Pro L7600 Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 PNP Device ID: ROOT\NET\0000 Service: vpnva . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0001 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0001 Service: CVirtA . ==== System Restore Points =================== . RP63: 5/14/2013 3:56:14 AM - Windows Update RP65: 5/14/2013 10:54:41 AM - Installed Zune 4.8 RP66: 5/15/2013 12:03:11 PM - Windows Update . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer 7500_7600_7700_Help1 Access Help Adobe Acrobat 9 Pro Adobe Acrobat 9.2.0 - CPSID_50026 Adobe AIR Adobe Community Help Adobe Creative Suite 5 Web Premium Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader 9.2 Amazon Cloud Player Apple Application Support Apple Mobile Device Support Apple Software Update Bing Bar Bing Rewards Client Installer Bonjour bpd_scan_Carrier BPDSoftware BPDSoftware_Ini BufferChm Burn.Now 4.5 Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Cisco Systems VPN Client 5.0.07.0290 Cisco WebEx Meetings Client Security - Password Manager Conexant 20585 SmartAudio HD Corel Burn.Now Lenovo Edition Corel DVD MovieFactory 7 Corel DVD MovieFactory Lenovo Edition Create Recovery Media D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Direct DiscRecorder Disable AMT Profile Synchronization Pop-up for Windows Vista/7 Dropbox eReg EVault Software Agent Extend360 Enforcement Agent Fiddler FileZilla Client 3.6.0.2 Google Chrome Google Update Helper HP OfficeJet L7300/L7500/7600/7700 hueyPRO for Lenovo (Version 1.2.4.1) IE Block for 9 and 10 Integrated Camera Driver Installer Package Ver.1.1.0.19 Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor InterVideo WinDVD 8 iTunes Java 7 Update 17 Java Auto Updater join.me Junk Mail filter update L7000_Basic Lenovo Auto Scroll Utility Lenovo SimpleTap Lenovo System Interface Driver Lenovo ThinkVantage Toolbox Lenovo Warranty Information Lenovo Welcome Logitech SetPoint 6.52 MaaS360 Software Uninstall Utility MaaS360 Visibility Service Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Message Center Plus Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Network Monitor 3.4 Microsoft Network Monitor: NetworkMonitor Parsers 3.4 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Communicator 2007 R2 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Touch Pack for Windows 7 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.0 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Mobile Broadband Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NEC Electronics USB 3.0 Host Controller Driver Network64 Notepad++ NVIDIA Display Control Panel NVIDIA Drivers NVIDIA Performance Drivers On Screen Display OpenDNS Updater 2.2.1 PDF Settings CS5 QuickTime Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 Rescue and Recovery RICOH R5U230 Media Driver ver.2.06.02.02 Safari Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Symantec Encryption Desktop System Update ThinkPad Bluetooth with Enhanced Data Rate Software ThinkPad FullScreen Magnifier ThinkPad Modem Adapter ThinkPad Power Management Driver ThinkPad Power Manager ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkVantage Access Connections ThinkVantage Active Protection System ThinkVantage Communications Utility ThinkVantage Fingerprint Software Toolbox Trend Micro Client/Server Security Agent Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition WallWatcher WebReg Windows 7 USB/DVD Download Tool Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Driver Package - Intel (e1kexpress) Net (06/22/2010 11.5.10.1012) Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179) Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component WinPcap 4.1.2 Wireshark 1.8.6 (64-bit) Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 5/20/2013 6:56:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 5/17/2013 10:13:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 5/17/2013 10:11:26 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0024D7910DD0" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. 5/15/2013 9:49:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 5/15/2013 9:41:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/15/2013 9:40:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 5/15/2013 9:40:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 5/15/2013 9:40:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/15/2013 9:40:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/15/2013 9:37:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nm3 nsiproxy PGPsdkDriver Psched rdbss spldr tdx tmcomm tmtdi TPPWRIF vwififlt Wanarpv6 WfpLwf 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/15/2013 9:37:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/15/2013 6:17:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. 5/15/2013 6:17:51 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/15/2013 6:17:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} 5/15/2013 2:12:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 5/15/2013 2:11:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.