Jump to content

tarnhelm

Honorary Members
  • Posts

    54
  • Joined

  • Last visited

Everything posted by tarnhelm

  1. thanks, here is the next round of logs. I reinstalled the latest java. tfc did not create a log but removed a ton of temporary files. Phil is it worth removing and reinstalling IE? JavaRa.log Fixlog.txt
  2. here are the roguekiller results thanks RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : pat [Admin rights]Mode : Scan -- Date : 07/27/2014 20:47:20 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2118590195-3291819304-2479980504-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2118590195-3291819304-2479980504-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: WDC WD3200BEKT-08PVMT1 +++++--- User ---[MBR] 8799a641d6fd15ce1ff9782f18871e6f[bSP] a72c205a5f5144384db122bd869a1575 : HP MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive1: WD 2500BMV External USB Device +++++--- User ---[MBR] 27046bfed13eaece99dd9ad462b0a665[bSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 238472 MBUser = LL1 ... OKError reading LL2 MBR! ([32] The request is not supported. )
  3. I have been advise to report a possible infection. the symptom is only that pictures do not display in internet explorer but do show up in Chrome. malwarebytes reports no infection here is the result of farbar recovery tool Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014Ran by pat (administrator) on HOTTERSTILL on 09-06-2014 21:38:22Running from C:\Users\pat\DownloadsPlatform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Lenovo.) C:\Windows\System32\TpShocks.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-23] (RealNetworks, Inc.)HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorHKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [1275168 2009-07-27] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDF6 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.)HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [WorkForce 840(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [HP Laser printer] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [Eye-Fi] => "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [EPSON WorkForce 840 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {2eba4056-36b7-11e0-a28f-806e6f6e6963} - Q:\LenovoQDrive.exeHKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {421c2ddf-531f-11e1-a034-60eb69c97bbe} - E:\LaunchU3.exe -aHKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {fff2db79-1c1e-11e1-9b88-60eb69c97bbe} - E:\LaunchU3.exe -aLsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dllStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpadHKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.comHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB72ECE7E597ECF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {38754704-BAE8-4418-B9E6-A8E5F39D8D50} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/training/ieatgpc1.cabHandler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No FileHandler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-23] Chrome: =======CHR HomePage: hxxp://www.google.com/CHR StartupUrls: "hxxp://www.google.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-17]CHR Extension: (Google Search) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-17]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-04-17]CHR Extension: (Google Wallet) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR Extension: (Gmail) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-17]CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-23] ==================== Services (Whitelisted) ================= R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-09 21:37 - 2014-06-09 21:37 - 00000000 ____D () C:\Users\pat\Downloads\FRST-OlderVersion2014-06-09 08:45 - 2014-06-09 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2014-06-09 08:45 - 2014-06-09 08:45 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-05-28 08:24 - 2014-05-28 08:24 - 00000701 _____ () C:\Users\pat\Downloads\event.ics2014-05-18 10:08 - 2014-05-18 10:08 - 01673896 _____ (Malwarebytes Corporation) C:\Users\pat\Downloads\mbam-check-2.1.0.0002.exe2014-05-18 10:08 - 2014-05-18 10:08 - 00045109 _____ () C:\Users\pat\Desktop\CheckResults.txt2014-05-18 10:06 - 2014-05-18 10:06 - 00045677 _____ () C:\Users\pat\Downloads\Addition.txt2014-05-18 10:04 - 2014-06-09 21:38 - 00023407 _____ () C:\Users\pat\Downloads\FRST.txt2014-05-18 10:04 - 2014-06-09 21:38 - 00000000 ____D () C:\FRST2014-05-18 10:03 - 2014-06-09 21:37 - 02080768 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe2014-05-14 20:25 - 2014-05-06 01:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-14 20:25 - 2014-05-06 01:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-14 20:25 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-14 20:25 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-14 20:25 - 2014-05-05 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-14 20:25 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-14 07:42 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-14 07:42 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-14 07:42 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-05-14 07:42 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-05-14 07:42 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-05-14 07:42 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-05-14 07:42 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-05-14 07:42 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-05-14 07:42 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-05-14 07:42 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-05-14 07:42 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-05-14 07:42 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-05-14 07:42 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-05-14 07:42 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-05-14 07:42 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-05-14 07:42 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-05-14 07:42 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll ==================== One Month Modified Files and Folders ======= 2014-06-09 21:39 - 2014-05-18 10:04 - 00023407 _____ () C:\Users\pat\Downloads\FRST.txt2014-06-09 21:39 - 2012-04-12 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-06-09 21:39 - 2011-05-17 19:20 - 00000000 ____D () C:\Users\pat\AppData\Local\Temp2014-06-09 21:38 - 2014-05-18 10:04 - 00000000 ____D () C:\FRST2014-06-09 21:37 - 2014-06-09 21:37 - 00000000 ____D () C:\Users\pat\Downloads\FRST-OlderVersion2014-06-09 21:37 - 2014-05-18 10:03 - 02080768 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe2014-06-09 21:14 - 2011-08-31 15:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-06-09 14:14 - 2011-08-31 15:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-06-09 12:13 - 2011-02-12 10:52 - 02085763 _____ () C:\Windows\WindowsUpdate.log2014-06-09 12:00 - 2011-05-18 01:07 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest2014-06-09 12:00 - 2011-05-18 01:07 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher2014-06-09 12:00 - 2011-05-18 01:07 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job2014-06-09 08:49 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-06-09 08:49 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-06-09 08:45 - 2014-06-09 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2014-06-09 08:45 - 2014-06-09 08:45 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-06-09 08:45 - 2014-01-27 09:30 - 00001942 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2014-06-09 08:45 - 2014-01-27 09:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan2014-06-09 08:45 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup2014-06-09 08:43 - 2012-04-22 11:20 - 00000000 ____D () C:\ProgramData\TEMP2014-06-09 08:42 - 2011-05-18 01:07 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job2014-06-09 08:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-06-09 08:42 - 2009-07-14 00:51 - 00153280 _____ () C:\Windows\setupact.log2014-06-08 09:30 - 2011-05-18 01:07 - 00004232 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask2014-05-28 08:24 - 2014-05-28 08:24 - 00000701 _____ () C:\Users\pat\Downloads\event.ics2014-05-27 20:10 - 2011-07-26 08:31 - 00000000 ____D () C:\Users\pat\AppData\Local\CrashDumps2014-05-22 08:36 - 2013-04-17 07:12 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-05-18 10:08 - 2014-05-18 10:08 - 01673896 _____ (Malwarebytes Corporation) C:\Users\pat\Downloads\mbam-check-2.1.0.0002.exe2014-05-18 10:08 - 2014-05-18 10:08 - 00045109 _____ () C:\Users\pat\Desktop\CheckResults.txt2014-05-18 10:06 - 2014-05-18 10:06 - 00045677 _____ () C:\Users\pat\Downloads\Addition.txt2014-05-16 07:59 - 2013-03-18 08:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-15 10:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-05-15 07:57 - 2011-05-17 19:25 - 00000000 ___RD () C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-15 07:57 - 2011-05-17 19:25 - 00000000 ___RD () C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-15 07:50 - 2014-04-27 21:03 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-15 07:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-05-14 20:27 - 2014-03-30 10:13 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-14 20:23 - 2013-08-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT2014-05-14 20:21 - 2011-05-18 00:46 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-13 20:43 - 2012-04-12 20:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-13 20:43 - 2012-04-12 20:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-05-13 20:43 - 2011-07-18 21:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete:====================C:\Users\pat\g2ax_customer_downloadhelper_win32_x86.exe Some content of TEMP:====================C:\Users\pat\AppData\Local\Temp\EyeFiUpdates.exeC:\Users\pat\AppData\Local\Temp\G2MInstallerExtractor.exeC:\Users\pat\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exeC:\Users\pat\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\lowproc.exeC:\Users\pat\AppData\Local\Temp\ose00000.exeC:\Users\pat\AppData\Local\Temp\stubhelper.dllC:\Users\pat\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 09:30 ==================== End Of Log ============================ and the file "addition.txt" Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014Ran by pat at 2014-06-09 21:46:55Running from C:\Users\pat\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) HiddenBurn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) HiddenCisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) HiddenCorel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) HiddenEpson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenGoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)Intel PROSet Wireless (Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)Intel® Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) HiddenJava 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) HiddenLenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessage Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Nuance PDF Professional 6 (HKLM\...\{A39BDD06-3F65-43B7-8C85-28FDC6F0982C}) (Version: 6.00.6401 - Nuance Communications, Inc)On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRegistry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )Scansoft PDF Professional (x32 Version: - ) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenYahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Restore Points ========================= 15-05-2014 00:20:12 Windows Update18-05-2014 16:46:59 Windows Update22-05-2014 16:18:08 Windows Update26-05-2014 15:35:19 Windows Update29-05-2014 15:40:20 Windows Update01-06-2014 16:28:46 Windows Update05-06-2014 16:06:03 Windows Update08-06-2014 16:40:02 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {06A112B3-90D8-4E41-8026-9071BC288BEF} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exeTask: {1287EA5B-9121-4F3D-BE3D-AC95B73E3A6C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {23D17CCA-01C7-47CA-BCEC-A65599D88173} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)Task: {366C5527-8157-495D-A998-FA276D0A755B} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()Task: {41FD215B-9445-4267-B2A9-2C6DE88F4234} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {5306F272-634B-4B7E-9A79-D9985EE27CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)Task: {6233B00E-B539-4338-A2BC-643C3B11CE60} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)Task: {75142DD0-4D7A-4EA2-8DF2-C9E20EF9ADEA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2118590195-3291819304-2479980504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: {7DA92A76-663A-44C5-907F-2F4C5DD5A32D} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)Task: {A9B9D058-821C-41F0-ACEB-14445C26542F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)Task: {B7AF177B-8004-4567-847F-386E2E872177} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)Task: {BC8C3794-17E3-4D03-9522-F12DBACD11FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)Task: {C5CEBD88-805B-4C11-B182-4683FEB24FF7} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)Task: {CC922524-3E01-4AEE-8509-E8904D747B48} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {D418486B-ADB0-42EA-859E-BF3252FD6375} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)Task: {E2290AEC-99A3-4255-ADD8-9D1ACCA18AD6} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()Task: {FDE2F791-05CD-4630-A469-A13D189D9DA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2118590195-3291819304-2479980504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeTask: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-02-12 11:05 - 2010-08-24 14:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL2010-02-18 03:26 - 2010-02-18 03:26 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe2014-05-22 08:36 - 2014-05-13 19:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-22 08:36 - 2014-05-13 19:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-22 08:36 - 2014-05-13 19:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-22 08:36 - 2014-05-13 19:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-22 08:36 - 2014-05-13 19:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:527B6DADAlternateDataStreams: C:\ProgramData\TEMP:8E55808CAlternateDataStreams: C:\Users\pat\Documents\20ques.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\Imagine.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\Message31.EML:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\New Jersey Update.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\response to query.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\RE_ FFREE-NJ.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\TASH Conference and Symposium Invitation.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter #2Description: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (06/08/2014 11:29:17 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: OUTLOOK.EXE, version: 14.0.7113.5000, time stamp: 0x527d636cFaulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722Exception code: 0xc0000005Fault offset: 0x0000c120Faulting process id: 0x14bcFaulting application start time: 0xOUTLOOK.EXE0Faulting application path: OUTLOOK.EXE1Faulting module path: OUTLOOK.EXE2Report Id: OUTLOOK.EXE3 Error: (05/27/2014 08:12:16 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EXCEL.EXE, version: 14.0.7109.5000, time stamp: 0x522a4031Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0xed4Faulting application start time: 0xEXCEL.EXE0Faulting application path: EXCEL.EXE1Faulting module path: EXCEL.EXE2Report Id: EXCEL.EXE3 Error: (05/27/2014 08:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EXCEL.EXE, version: 14.0.7109.5000, time stamp: 0x522a4031Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96fException code: 0xc0000005Fault offset: 0x000499b2Faulting process id: 0x1e80Faulting application start time: 0xEXCEL.EXE0Faulting application path: EXCEL.EXE1Faulting module path: EXCEL.EXE2Report Id: EXCEL.EXE3 Error: (05/27/2014 08:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EXCEL.EXE, version: 14.0.7109.5000, time stamp: 0x522a4031Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1378Faulting application start time: 0xEXCEL.EXE0Faulting application path: EXCEL.EXE1Faulting module path: EXCEL.EXE2Report Id: EXCEL.EXE3 Error: (05/27/2014 02:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EXCEL.EXE, version: 14.0.7109.5000, time stamp: 0x522a4031Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1bc8Faulting application start time: 0xEXCEL.EXE0Faulting application path: EXCEL.EXE1Faulting module path: EXCEL.EXE2Report Id: EXCEL.EXE3 Error: (05/16/2014 07:59:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Hotterstill)Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/15/2014 09:27:07 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft Word: Rejected Safe Mode action : Word experienced a serious problem with the 'send to bluetooth' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?.Rejected Safe Mode action : Microsoft Word. Error: (05/14/2014 08:25:59 PM) (Source: Windows Search Service) (EventID: 3007) (User: )Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer. Context: Application, SystemIndex Catalog Error: (05/14/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0c5ff6f4Faulting process id: 0x1a94Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/14/2014 09:47:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1590Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 System errors:=============Error: (06/09/2014 09:47:40 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {35B1D3BB-2D4E-4A7C-9AF0-F2F677AF7C30} Error: (06/09/2014 09:45:40 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {375FF002-DD27-11D9-8F9C-0002B3988E81} Error: (06/09/2014 08:42:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (06/07/2014 08:50:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (06/06/2014 07:22:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (06/05/2014 07:45:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (06/04/2014 08:16:26 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {35B1D3BB-2D4E-4A7C-9AF0-F2F677AF7C30} Error: (06/04/2014 08:12:26 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {375FF002-DD27-11D9-8F9C-0002B3988E81} Error: (06/04/2014 07:40:33 AM) (Source: ACPI) (EventID: 13) (User: )Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (06/04/2014 07:39:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (06/08/2014 11:29:17 AM) (Source: Application Error) (EventID: 1000) (User: )Description: OUTLOOK.EXE14.0.7113.5000527d636cmsvcrt.dll7.0.7601.177444eeaf722c00000050000c12014bc01cf832dee4d4c28C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Windows\syswow64\msvcrt.dlla6fe3471-ef21-11e3-992b-60eb69c97bbe Error: (05/27/2014 08:12:16 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EXCEL.EXE14.0.7109.5000522a4031ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753ed401cf7a0972676f8fC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Windows\SysWOW64\ntdll.dllb962bbe2-e5fc-11e3-ac1d-60eb69c97bbe Error: (05/27/2014 08:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EXCEL.EXE14.0.7109.5000522a4031ole32.dll6.1.7601.175144ce7b96fc0000005000499b21e8001cf7a093d439751C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Windows\syswow64\ole32.dlla4369e92-e5fc-11e3-ac1d-60eb69c97bbe Error: (05/27/2014 08:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EXCEL.EXE14.0.7109.5000522a4031ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753137801cf79d6e1e09bcdC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Windows\SysWOW64\ntdll.dll686135b3-e5fc-11e3-ac1d-60eb69c97bbe Error: (05/27/2014 02:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EXCEL.EXE14.0.7109.5000522a4031ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531bc801cf79d6a7d8afbfC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Windows\SysWOW64\ntdll.dll0f809f94-e5ca-11e3-ac1d-60eb69c97bbe Error: (05/16/2014 07:59:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Hotterstill)Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/15/2014 09:27:07 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft WordWord experienced a serious problem with the 'send to bluetooth' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in? Error: (05/14/2014 08:25:59 PM) (Source: Windows Search Service) (EventID: 3007) (User: )Description: Context: Application, SystemIndex Catalog Error: (05/14/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092unknown0.0.0.000000000c00000050c5ff6f41a9401cf6f7b23eba481C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown406de0e8-db6f-11e3-9ae8-60eb69c97bbe Error: (05/14/2014 09:47:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753159001cf6f7b0249d342C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll41864550-db6e-11e3-9ae8-60eb69c97bbe CodeIntegrity Errors:=================================== Date: 2014-04-27 09:44:04.962 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WUDFPf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:56.330 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:56.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:54.879 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\luafv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:54.661 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\luafv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 49%Total physical RAM: 3892.55 MBAvailable physical RAM: 1972.66 MBTotal Pagefile: 7783.28 MBAvailable Pagefile: 5432.36 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:192.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.62 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: F8838A3F)Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. here is addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014Ran by pat at 2014-05-18 10:06:01Running from C:\Users\pat\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) HiddenBurn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) HiddenCisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) HiddenCorel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) HiddenEpson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenGoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)Intel PROSet Wireless (Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)Intel® Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) HiddenJava 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJava 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) HiddenLenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessage Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Nuance PDF Professional 6 (HKLM\...\{A39BDD06-3F65-43B7-8C85-28FDC6F0982C}) (Version: 6.00.6401 - Nuance Communications, Inc)On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.71.00 - )RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRegistry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )Scansoft PDF Professional (x32 Version: - ) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenYahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Restore Points ========================= 28-04-2014 00:49:59 Windows Update28-04-2014 00:59:50 Windows Update01-05-2014 17:59:52 Windows Update03-05-2014 00:15:15 Windows Update06-05-2014 16:42:55 Windows Update10-05-2014 17:24:17 Windows Update13-05-2014 18:16:04 Windows Update15-05-2014 00:20:12 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {06A112B3-90D8-4E41-8026-9071BC288BEF} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exeTask: {1287EA5B-9121-4F3D-BE3D-AC95B73E3A6C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {23D17CCA-01C7-47CA-BCEC-A65599D88173} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)Task: {366C5527-8157-495D-A998-FA276D0A755B} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()Task: {41FD215B-9445-4267-B2A9-2C6DE88F4234} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)Task: {5306F272-634B-4B7E-9A79-D9985EE27CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)Task: {6233B00E-B539-4338-A2BC-643C3B11CE60} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)Task: {75142DD0-4D7A-4EA2-8DF2-C9E20EF9ADEA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2118590195-3291819304-2479980504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: {7DA92A76-663A-44C5-907F-2F4C5DD5A32D} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)Task: {A9B9D058-821C-41F0-ACEB-14445C26542F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)Task: {B7AF177B-8004-4567-847F-386E2E872177} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)Task: {BC8C3794-17E3-4D03-9522-F12DBACD11FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)Task: {C5CEBD88-805B-4C11-B182-4683FEB24FF7} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)Task: {CC922524-3E01-4AEE-8509-E8904D747B48} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {D418486B-ADB0-42EA-859E-BF3252FD6375} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)Task: {E2290AEC-99A3-4255-ADD8-9D1ACCA18AD6} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()Task: {FDE2F791-05CD-4630-A469-A13D189D9DA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2118590195-3291819304-2479980504-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeTask: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-02-12 11:05 - 2010-08-24 14:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-02-18 03:26 - 2010-02-18 03:26 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll2014-05-16 13:16 - 2014-05-07 19:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-05-16 13:16 - 2014-05-07 19:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll2014-05-16 13:16 - 2014-05-07 19:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll2014-05-16 13:16 - 2014-05-07 19:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll2014-05-16 13:16 - 2014-05-07 19:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll2014-05-16 13:16 - 2014-05-07 19:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:527B6DADAlternateDataStreams: C:\ProgramData\TEMP:8E55808CAlternateDataStreams: C:\Users\pat\Documents\20ques.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\Imagine.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\Message31.EML:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\New Jersey Update.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\response to query.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\RE_ FFREE-NJ.eml:OECustomPropertyAlternateDataStreams: C:\Users\pat\Documents\TASH Conference and Symposium Invitation.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter #2Description: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (05/16/2014 07:59:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Hotterstill)Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (05/15/2014 09:27:07 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft Word: Rejected Safe Mode action : Word experienced a serious problem with the 'send to bluetooth' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?.Rejected Safe Mode action : Microsoft Word. Error: (05/14/2014 08:25:59 PM) (Source: Windows Search Service) (EventID: 3007) (User: )Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer. Context: Application, SystemIndex Catalog Error: (05/14/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0c5ff6f4Faulting process id: 0x1a94Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/14/2014 09:47:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1590Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/13/2014 08:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0xe50Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/13/2014 03:55:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1ba4Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/13/2014 03:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x18d0Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/13/2014 10:58:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x1624Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 Error: (05/07/2014 07:48:46 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: WINWORD.EXE, version: 14.0.7121.5004, time stamp: 0x5329c092Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x16b8Faulting application start time: 0xWINWORD.EXE0Faulting application path: WINWORD.EXE1Faulting module path: WINWORD.EXE2Report Id: WINWORD.EXE3 System errors:=============Error: (05/18/2014 09:29:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (05/17/2014 10:36:41 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {35B1D3BB-2D4E-4A7C-9AF0-F2F677AF7C30} Error: (05/17/2014 10:34:41 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {375FF002-DD27-11D9-8F9C-0002B3988E81} Error: (05/17/2014 08:14:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (05/16/2014 08:22:48 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63} Error: (05/16/2014 07:56:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (05/15/2014 08:32:41 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63} Error: (05/15/2014 07:51:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error: (05/14/2014 08:20:23 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/14/2014 08:50:52 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {35B1D3BB-2D4E-4A7C-9AF0-F2F677AF7C30} Microsoft Office Sessions:=========================Error: (05/16/2014 07:59:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Hotterstill)Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL) Error: (05/15/2014 09:27:07 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft WordWord experienced a serious problem with the 'send to bluetooth' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in? Error: (05/14/2014 08:25:59 PM) (Source: Windows Search Service) (EventID: 3007) (User: )Description: Context: Application, SystemIndex Catalog Error: (05/14/2014 09:54:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092unknown0.0.0.000000000c00000050c5ff6f41a9401cf6f7b23eba481C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEunknown406de0e8-db6f-11e3-9ae8-60eb69c97bbe Error: (05/14/2014 09:47:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753159001cf6f7b0249d342C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll41864550-db6e-11e3-9ae8-60eb69c97bbe Error: (05/13/2014 08:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753e5001cf6ee5540dece9C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll8ea269e1-dafd-11e3-8636-60eb69c97bbe Error: (05/13/2014 03:55:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531ba401cf6ee54c19ad18C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll91d95a85-dad8-11e3-8636-60eb69c97bbe Error: (05/13/2014 03:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75318d001cf6ebbd7a7e899C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll83c0bfaf-dad8-11e3-8636-60eb69c97bbe Error: (05/13/2014 10:58:23 AM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753162401cf6ebb9d299a37C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll074955fe-daaf-11e3-8636-60eb69c97bbe Error: (05/07/2014 07:48:46 PM) (Source: Application Error) (EventID: 1000) (User: )Description: WINWORD.EXE14.0.7121.50045329c092ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75316b801cf6a4ede55a6dfC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Windows\SysWOW64\ntdll.dll20eb0850-d642-11e3-b5b9-60eb69c97bbe CodeIntegrity Errors:=================================== Date: 2014-04-27 09:44:04.962 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WUDFPf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:56.330 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:56.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:54.879 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\luafv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-27 09:40:54.661 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\luafv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 49%Total physical RAM: 3892.55 MBAvailable physical RAM: 1984.87 MBTotal Pagefile: 7783.28 MBAvailable Pagefile: 5708.3 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:191.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.62 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: F8838A3F)Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  5. my previous reply went missing because the post was too big. posting in two parts Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014Ran by pat (administrator) on HOTTERSTILL on 18-05-2014 10:04:40Running from C:\Users\pat\DownloadsPlatform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\System32\ibmpmsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Lenovo.) C:\Windows\System32\TpShocks.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-11-23] (RealNetworks, Inc.)HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitorHKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [1275168 2009-07-27] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDF6 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.)HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [WorkForce 840(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [HP Laser printer] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [Eye-Fi] => "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\Run: [EPSON WorkForce 840 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {2eba4056-36b7-11e0-a28f-806e6f6e6963} - Q:\LenovoQDrive.exeHKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {421c2ddf-531f-11e1-a034-60eb69c97bbe} - E:\LaunchU3.exe -aHKU\S-1-5-21-2118590195-3291819304-2479980504-1000\...\MountPoints2: {fff2db79-1c1e-11e1-9b88-60eb69c97bbe} - E:\LaunchU3.exe -aLsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dllStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnkShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpadHKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.comHKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28554A980D6FCF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {38754704-BAE8-4418-B9E6-A8E5F39D8D50} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/training/ieatgpc1.cabHandler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No FileHandler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-23] Chrome: =======CHR HomePage: hxxp://www.google.com/CHR StartupUrls: "hxxp://www.google.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No FileCHR Extension: (YouTube) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-17]CHR Extension: (Google Search) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-17]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-04-17]CHR Extension: (Google Wallet) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR Extension: (Gmail) - C:\Users\pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-17]CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-23] ==================== Services (Whitelisted) ================= R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 10:04 - 2014-05-18 10:05 - 00023067 _____ () C:\Users\pat\Downloads\FRST.txt2014-05-18 10:04 - 2014-05-18 10:04 - 00000000 ____D () C:\FRST2014-05-18 10:03 - 2014-05-18 10:04 - 02067456 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe2014-05-14 20:25 - 2014-05-06 01:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-14 20:25 - 2014-05-06 01:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-14 20:25 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-14 20:25 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-14 20:25 - 2014-05-05 23:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-14 20:25 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-14 07:42 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-14 07:42 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-14 07:42 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-05-14 07:42 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-05-14 07:42 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-05-14 07:42 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-05-14 07:42 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-05-14 07:42 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-05-14 07:42 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-05-14 07:42 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-05-14 07:42 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-05-14 07:42 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-05-14 07:42 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-05-14 07:42 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-05-14 07:42 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-05-14 07:42 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-05-14 07:42 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-05-14 07:42 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-05-14 07:42 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-05-14 07:42 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-05-14 07:42 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-05-07 09:08 - 2014-05-07 09:08 - 00015724 ____H () C:\Users\pat\Documents\~WRL2911.tmp2014-04-27 21:03 - 2014-05-15 07:50 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-04-27 21:03 - 2014-04-27 21:03 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements2014-04-27 20:51 - 2013-12-21 05:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-04-27 20:51 - 2013-12-21 03:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-04-27 15:29 - 2014-03-13 02:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-04-27 15:29 - 2014-03-13 02:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-04-27 15:29 - 2014-03-13 02:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-04-27 15:29 - 2014-03-13 02:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-04-27 15:29 - 2014-03-13 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-04-27 15:29 - 2014-03-13 02:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-04-27 15:29 - 2014-03-13 02:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-04-27 15:29 - 2014-03-13 02:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-04-27 15:29 - 2014-03-13 02:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-04-27 15:29 - 2014-03-13 02:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-04-27 15:29 - 2014-03-13 02:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-04-27 15:29 - 2014-03-13 02:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-04-27 15:29 - 2014-03-13 02:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-04-27 15:29 - 2014-03-13 02:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-04-27 15:29 - 2014-03-13 01:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-04-27 15:29 - 2014-03-13 01:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-04-27 15:29 - 2014-03-13 01:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-04-27 15:29 - 2014-03-13 01:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-04-27 15:29 - 2014-03-13 01:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-04-27 15:29 - 2014-03-13 01:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-04-27 15:29 - 2014-03-12 23:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2014-04-27 15:29 - 2014-03-12 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2014-04-27 10:32 - 2014-04-27 10:32 - 00000000 ____D () C:\Users\pat\AppData\Local\Lenovo2014-04-27 10:25 - 2014-04-27 12:06 - 00000000 ____D () C:\Windows\pss2014-04-27 10:21 - 2014-04-27 10:22 - 00279608 _____ () C:\Windows\Minidump\042714-25989-01.dmp2014-04-27 09:59 - 2014-04-27 09:59 - 00270568 _____ () C:\Windows\Minidump\042714-17986-01.dmp2014-04-27 09:43 - 2014-04-27 09:43 - 00279000 _____ () C:\Windows\Minidump\042714-15194-01.dmp2014-04-27 09:40 - 2014-04-27 09:40 - 00270568 _____ () C:\Windows\Minidump\042714-21684-01.dmp2014-04-27 09:29 - 2014-04-27 09:29 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%2014-04-25 14:52 - 2011-01-14 02:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll2014-04-25 14:41 - 2014-04-25 14:41 - 00000000 ____D () C:\Users\pat\AppData\Local\Tvsukernel2014-04-25 14:41 - 2012-01-14 00:41 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys2014-04-25 14:39 - 2011-10-25 06:23 - 00510232 _____ (Intel Corporation) C:\Windows\system32\SETBBFF.tmp2014-04-25 14:39 - 2011-10-25 06:23 - 00417560 _____ (Intel Corporation) C:\Windows\system32\SETBF92.tmp2014-04-25 14:39 - 2011-10-25 06:23 - 00162584 _____ (Intel Corporation) C:\Windows\system32\SETBDD9.tmp2014-04-25 14:39 - 2011-10-25 06:22 - 00386840 _____ (Intel Corporation) C:\Windows\system32\SETBE76.tmp2014-04-25 14:39 - 2011-10-25 06:22 - 00224024 _____ (Intel Corporation) C:\Windows\system32\SETC1E9.tmp2014-04-25 14:39 - 2011-10-14 03:10 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll2014-04-25 14:39 - 2011-10-14 02:36 - 00087552 _____ (Intel Corporation) C:\Windows\system32\SETC4CF.tmp2014-04-25 14:39 - 2010-10-15 16:28 - 00317440 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys2014-04-25 14:39 - 2010-10-15 16:27 - 00014848 _____ (Intel® Corporation) C:\Windows\system32\SET17CB.tmp2014-04-25 14:39 - 2009-12-14 12:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll2014-04-25 14:38 - 2014-04-25 14:38 - 00000000 ____D () C:\Program Files\Common Files\Lenovo2014-04-25 14:38 - 2010-03-04 16:30 - 09112096 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUStoricon.dll2014-04-25 14:38 - 2010-03-04 16:30 - 00422432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsUStor.dll2014-04-25 14:37 - 2014-04-25 14:37 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera Driver2014-04-25 14:37 - 2014-04-25 14:37 - 00000000 ____D () C:\Program Files (x86)\Chicony Electronics Co.,Ltd2014-04-25 14:35 - 2011-06-21 15:02 - 00121856 _____ (Ricoh co.,Ltd.) C:\Windows\system32\5U877.ax2014-04-25 14:35 - 2011-06-21 15:02 - 00106496 _____ (Ricoh co.,Ltd.) C:\Windows\SysWOW64\5U877.ax2014-04-25 14:35 - 2011-06-21 15:01 - 00167040 _____ (Ricoh co.,Ltd.) C:\Windows\system32\Drivers\5U877.sys2014-04-25 14:35 - 2011-06-21 15:00 - 00123392 _____ (Ricoh co.,Ltd.) C:\Windows\system32\5U877.dll2014-04-25 14:34 - 2014-04-25 14:34 - 00000000 ____D () C:\Program Files\Common Files\SPBA2014-04-25 14:34 - 2014-04-25 14:34 - 00000000 ____D () C:\Program Files\AuthenTec2014-04-25 14:34 - 2013-05-22 16:17 - 00015472 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\smiifx64.sys2014-04-25 14:30 - 2014-04-25 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\TVT2014-04-25 14:30 - 2014-04-25 14:30 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo2014-04-24 07:59 - 2014-04-24 07:59 - 00266288 _____ () C:\Windows\Minidump\042414-20685-01.dmp2014-04-23 09:50 - 2014-04-23 09:50 - 00000000 ____D () C:\Users\pat\Documents\20140423-Exploring Employment_“Who are you, and what do you do_” Aut(1215267057)2014-04-22 18:53 - 2014-04-22 19:09 - 00000000 ____D () C:\Users\pat\Documents\20140422-Exploring Employment_“Who are you, and what do you do_” Aut(1215266988)2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\Program Files (x86)\Western Digital Technologies2014-04-21 08:01 - 2014-04-21 08:01 - 00262144 _____ () C:\Windows\Minidump\042114-17596-01.dmp2014-04-21 07:45 - 2014-04-21 07:45 - 00262144 _____ () C:\Windows\Minidump\042114-20358-01.dmp2014-04-21 07:36 - 2014-04-21 07:36 - 00272264 _____ () C:\Windows\Minidump\042114-21886-01.dmp2014-04-19 07:11 - 2014-04-19 07:11 - 00262144 _____ () C:\Windows\Minidump\041914-13587-01.dmp2014-04-18 08:09 - 2014-04-18 08:09 - 00000000 __SHD () C:\Users\pat\AppData\Local\EmieUserList2014-04-18 08:09 - 2014-04-18 08:09 - 00000000 __SHD () C:\Users\pat\AppData\Local\EmieSiteList ==================== One Month Modified Files and Folders ======= 2014-05-18 10:05 - 2014-05-18 10:04 - 00023067 _____ () C:\Users\pat\Downloads\FRST.txt2014-05-18 10:04 - 2014-05-18 10:04 - 00000000 ____D () C:\FRST2014-05-18 10:04 - 2014-05-18 10:03 - 02067456 _____ (Farbar) C:\Users\pat\Downloads\FRST64.exe2014-05-18 09:39 - 2012-04-12 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-05-18 09:37 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-18 09:37 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-18 09:35 - 2011-08-31 15:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-18 09:34 - 2011-02-12 10:52 - 01196141 _____ () C:\Windows\WindowsUpdate.log2014-05-18 09:29 - 2011-05-18 01:07 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job2014-05-18 09:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-18 09:29 - 2009-07-14 00:51 - 00152272 _____ () C:\Windows\setupact.log2014-05-17 16:14 - 2011-08-31 15:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-17 12:00 - 2011-05-18 01:07 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest2014-05-17 12:00 - 2011-05-18 01:07 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher2014-05-16 13:16 - 2013-04-17 07:12 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-05-16 07:59 - 2013-03-18 08:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-15 10:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-05-15 07:57 - 2011-05-17 19:25 - 00000000 ___RD () C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-15 07:57 - 2011-05-17 19:25 - 00000000 ___RD () C:\Users\pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-15 07:50 - 2014-04-27 21:03 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-15 07:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-05-14 20:27 - 2014-03-30 10:13 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-14 20:23 - 2013-08-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT2014-05-14 20:21 - 2011-05-18 00:46 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-14 09:54 - 2011-07-26 08:31 - 00000000 ____D () C:\Users\pat\AppData\Local\CrashDumps2014-05-13 20:43 - 2012-04-12 20:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-13 20:43 - 2012-04-12 20:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-05-13 20:43 - 2011-07-18 21:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-09 07:39 - 2011-05-18 01:07 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job2014-05-09 02:14 - 2014-05-14 07:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-09 02:11 - 2014-05-14 07:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-08 14:09 - 2011-08-31 15:48 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 14:09 - 2011-08-31 15:48 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-08 08:47 - 2011-05-18 01:07 - 00004232 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask2014-05-07 09:08 - 2014-05-07 09:08 - 00015724 ____H () C:\Users\pat\Documents\~WRL2911.tmp2014-05-06 01:14 - 2014-05-14 20:25 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-06 01:14 - 2014-05-14 20:25 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-05 23:48 - 2014-05-14 20:25 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-05 23:48 - 2014-05-14 20:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-05 23:37 - 2014-05-14 20:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-05 23:26 - 2014-05-14 20:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-29 07:45 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-27 21:05 - 2011-05-21 09:41 - 00000518 __RSH () C:\ProgramData\ntuser.pol2014-04-27 21:03 - 2014-04-27 21:03 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements2014-04-27 12:06 - 2014-04-27 10:25 - 00000000 ____D () C:\Windows\pss2014-04-27 12:06 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup2014-04-27 10:32 - 2014-04-27 10:32 - 00000000 ____D () C:\Users\pat\AppData\Local\Lenovo2014-04-27 10:22 - 2014-04-27 10:21 - 00279608 _____ () C:\Windows\Minidump\042714-25989-01.dmp2014-04-27 10:21 - 2011-12-08 17:42 - 628195104 _____ () C:\Windows\MEMORY.DMP2014-04-27 10:21 - 2011-12-08 17:42 - 00000000 ____D () C:\Windows\Minidump2014-04-27 09:59 - 2014-04-27 09:59 - 00270568 _____ () C:\Windows\Minidump\042714-17986-01.dmp2014-04-27 09:43 - 2014-04-27 09:43 - 00279000 _____ () C:\Windows\Minidump\042714-15194-01.dmp2014-04-27 09:40 - 2014-04-27 09:40 - 00270568 _____ () C:\Windows\Minidump\042714-21684-01.dmp2014-04-27 09:29 - 2014-04-27 09:29 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%2014-04-25 20:04 - 2011-02-12 11:25 - 00000000 ____D () C:\ProgramData\PCDr2014-04-25 14:44 - 2011-02-12 11:05 - 00016212 _____ () C:\Windows\system32\results.xml2014-04-25 14:42 - 2011-02-12 11:08 - 00000000 ____D () C:\Program Files\ThinkVantage Fingerprint Software2014-04-25 14:42 - 2011-02-12 11:03 - 00459572 _____ () C:\Windows\PFRO.log2014-04-25 14:41 - 2014-04-25 14:41 - 00000000 ____D () C:\Users\pat\AppData\Local\Tvsukernel2014-04-25 14:40 - 2011-02-12 11:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel2014-04-25 14:39 - 2011-02-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Intel2014-04-25 14:38 - 2014-04-25 14:38 - 00000000 ____D () C:\Program Files\Common Files\Lenovo2014-04-25 14:38 - 2011-02-12 10:59 - 00000000 ____D () C:\Program Files (x86)\Realtek2014-04-25 14:38 - 2011-02-12 10:56 - 00000000 ____D () C:\Program Files\Lenovo2014-04-25 14:37 - 2014-04-25 14:37 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera Driver2014-04-25 14:37 - 2014-04-25 14:37 - 00000000 ____D () C:\Program Files (x86)\Chicony Electronics Co.,Ltd2014-04-25 14:37 - 2011-02-12 11:01 - 00000205 _____ () C:\setup.log2014-04-25 14:37 - 2011-02-12 10:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-04-25 14:34 - 2014-04-25 14:34 - 00000000 ____D () C:\Program Files\Common Files\SPBA2014-04-25 14:34 - 2014-04-25 14:34 - 00000000 ____D () C:\Program Files\AuthenTec2014-04-25 14:34 - 2011-02-12 11:08 - 00000000 ____D () C:\Windows\Downloaded Installations2014-04-25 14:34 - 2011-02-12 11:01 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools2014-04-25 14:34 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns2014-04-25 14:31 - 2014-04-25 14:30 - 00000000 ____D () C:\Windows\System32\Tasks\TVT2014-04-25 14:31 - 2011-02-12 11:14 - 00000000 ____D () C:\ProgramData\Lenovo2014-04-25 14:30 - 2014-04-25 14:30 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo2014-04-25 14:30 - 2011-02-12 11:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo2014-04-24 11:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat2014-04-24 11:57 - 2014-01-27 09:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan2014-04-24 11:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration2014-04-24 11:56 - 2012-11-23 12:13 - 00000000 ____D () C:\ProgramData\Real2014-04-24 11:56 - 2011-05-22 09:42 - 00000000 __RHD () C:\MSOCache2014-04-24 08:00 - 2011-05-17 19:20 - 00000000 ____D () C:\Users\pat2014-04-24 07:59 - 2014-04-24 07:59 - 00266288 _____ () C:\Windows\Minidump\042414-20685-01.dmp2014-04-23 11:26 - 2010-04-16 10:45 - 00000000 __SHD () C:\Users\pat\Documents\cache2014-04-23 09:50 - 2014-04-23 09:50 - 00000000 ____D () C:\Users\pat\Documents\20140423-Exploring Employment_“Who are you, and what do you do_” Aut(1215267057)2014-04-23 09:17 - 2011-06-01 09:56 - 00000000 ____D () C:\Users\pat\AppData\Roaming\webex2014-04-22 19:09 - 2014-04-22 18:53 - 00000000 ____D () C:\Users\pat\Documents\20140422-Exploring Employment_“Who are you, and what do you do_” Aut(1215266988)2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\Program Files (x86)\Western Digital Technologies2014-04-21 08:01 - 2014-04-21 08:01 - 00262144 _____ () C:\Windows\Minidump\042114-17596-01.dmp2014-04-21 07:59 - 2009-07-14 01:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-04-21 07:45 - 2014-04-21 07:45 - 00262144 _____ () C:\Windows\Minidump\042114-20358-01.dmp2014-04-21 07:36 - 2014-04-21 07:36 - 00272264 _____ () C:\Windows\Minidump\042114-21886-01.dmp2014-04-19 07:11 - 2014-04-19 07:11 - 00262144 _____ () C:\Windows\Minidump\041914-13587-01.dmp2014-04-18 08:09 - 2014-04-18 08:09 - 00000000 __SHD () C:\Users\pat\AppData\Local\EmieUserList2014-04-18 08:09 - 2014-04-18 08:09 - 00000000 __SHD () C:\Users\pat\AppData\Local\EmieSiteList2014-04-18 08:05 - 2014-04-14 07:44 - 00003342 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2118590195-3291819304-2479980504-10002014-04-18 08:05 - 2014-04-14 07:44 - 00003204 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2118590195-3291819304-2479980504-1000 Files to move or delete:====================C:\Users\pat\g2ax_customer_downloadhelper_win32_x86.exe Some content of TEMP:====================C:\Users\pat\AppData\Local\Temp\EyeFiUpdates.exeC:\Users\pat\AppData\Local\Temp\G2MInstallerExtractor.exeC:\Users\pat\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exeC:\Users\pat\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\pat\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\pat\AppData\Local\Temp\lowproc.exeC:\Users\pat\AppData\Local\Temp\ose00000.exeC:\Users\pat\AppData\Local\Temp\stubhelper.dllC:\Users\pat\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-14 07:42] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-09 09:59 ==================== End Of Log ============================ CheckResults.txt
  6. hi I have already done all the obvious things. next time I get access to my wife's laptop I will attach a screen snap.
  7. hi, I tried that, just in case I missed something, but the result is the same. chrome shows pictures, IE just shows text saying there is a pictures. I have tried all the obvious things, short of completely uninstalling IE and reinstalling. somehow I doubt that is worth the trouble
  8. I recently upgraded my wife's laptop with more RAM. the install seemed to go ok but a week or so later she began experiencing errors in Outlook resulting in BSOD's and boot failures. all diagnostics suggested no problem with the memory, but eventually reverting back to the original RAM corrected the problem. the issue is that since I was exploring other causes (given clean memory diagnostics) I tried both installing updated drivers and BIOS, and resorting to a system restore. the net effect of this was a working computer, but now, no pictures display in IE10 or IE11. IE10 is currently installed. I have checked all the usual suspects per Microsoft's recommendations. google chrome works fine, so it's not so critical, but it is still nagging me. any clues or suggestions? I have since reinstalled all windows 7 updates, but I have not checked to see if the Lenovo drivers are still up to date. the computer is a thinkpad edge 14, running win7 professional thanks
  9. I think that sendori was the major culprit. case closed. conduit did hijack my browser though. see link below for other symptoms. https://helpdesk.nwciowa.edu/index.php?/News/NewsItem/View/10
  10. hmmm, I will wait. I found something else installed that was offering me coupons no matter where I went, so I uninstalled it and rebooted. that was called SENDORI. since then the annoying behavior has abated. I monitor for the next day or so. thanks for all the advice.
  11. I think I blocked this one but I am now getting other pop-ups in a new tab. I typically use Chrome, so i will see if IE has the same problem.
  12. the new tab disappears after a short time but the sound effects are highly annoying I'll see if I can block the site http://officialsurvey.zoompanel.org/survey25/step-1.php?sid=c3fca071ce68816891849bd1d2578e48&t202kw=Amazon.co
  13. that's interesting. looks like the links might still work. just a warning to the curious.
  14. still getting popups in new tabs asking to take surveys for the merchant i am visiting I will try to get a screen snap next time. I also got this pop-up today: Attention Amazon Visitor,Data Security Breach Information We want to make you aware of a significant incident that has occurred. There was a massive system breach at Global Payments, a company that processes credit card transactions for a number of companies, including Visa, Mastercard, American express, Discover and other major credit card brands. Files containing personal credit card information were compromised. We are urging you to check your credit card details immediately for any activity that you did not authorize. To help protect you , we have made your 3 Bureau Credit Check available today at no charge. Please be aware that your free credit check include free credit score and all detailed credit information. I didn't go there...
  15. ok i think. your suggestions found more residual stuff than I was able to do manually. I'll see if the fake survey pop-ups return. maybe those were happening before I turned off pop-up blockers though. thanks again.
  16. all done Adware log: # AdwCleaner v3.012 - Report created 16/11/2013 at 20:17:14# Updated 11/11/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Phil - ARDEVUI# Running from : C:\Users\Phil\Downloads\AdwCleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [x] Not Deleted : C:\ProgramData\NCH Software[x] Not Deleted : C:\Program Files (x86)\NCH SoftwareFolder Deleted : C:\Users\Phil\AppData\Local\Temp\Conduit[x] Not Deleted : C:\Users\Phil\AppData\Roaming\NCH SoftwareFolder Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\CT3311875Folder Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\Extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}File Deleted : C:\Windows\System32\roboot64.exeFile Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorageFile Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorageFile Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journalFile Deleted : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.comKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKCU\Software\NCH SoftwareKey Deleted : HKLM\Software\NCH Software ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v14.0.1 (en-US) [ File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\prefs.js ] Line Deleted : user_pref("CT3311875.FF19Solved", "true");Line Deleted : user_pref("CT3311875.UserID", "UN42666354611558516");Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");Line Deleted : user_pref("CT3311875.fullUserID", "UN42666354611558516.IN.20131106053020");Line Deleted : user_pref("CT3311875.installDate", "06/11/2013 05:30:23");Line Deleted : user_pref("CT3311875.installSessionId", "{0CED9BD8-54E8-4BA5-8BDD-F392FBB59209}");Line Deleted : user_pref("CT3311875.installSp", "TRUE");Line Deleted : user_pref("CT3311875.installerVersion", "1.8.0.14");Line Deleted : user_pref("CT3311875.keyword", "true");Line Deleted : user_pref("CT3311875.originalSearchEngine", "Google");Line Deleted : user_pref("CT3311875.searchRevert", "false");Line Deleted : user_pref("CT3311875.searchUserMode", "2");Line Deleted : user_pref("CT3311875.toolbarInstallDate", "06-11-2013 05:30:20");Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.21.1.7");Line Deleted : user_pref("CT3311875.xpeMode", "0");Line Deleted : user_pref("browser.search.defaultenginename", "SweetTunes Search");Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Search");Line Deleted : user_pref("extensions.snipit.askTbInstalled", true);Line Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); -\\ Google Chrome v [ File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10011 octets] - [10/11/2013 12:01:00]AdwCleaner[R1].txt - [4467 octets] - [16/11/2013 20:15:27]AdwCleaner[s0].txt - [4324 octets] - [16/11/2013 20:17:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4384 octets] ########## junkware removal log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Home Premium x64Ran by Phil on Sat 11/16/2013 at 16:51:15.78~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugoSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3311875Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9A70C0A6-ECFE-472D-8251-384980749251}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ~~~ Files Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"Successfully deleted: [File] "C:\Users\Phil\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\nsprotector.js"Successfully deleted: [File] "C:\end"Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"Successfully deleted: [Folder] "C:\ProgramData\conduit"Successfully deleted: [Folder] "C:\Users\Phil\AppData\Roaming\searchprotect"Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\blekkotb_031"Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Phil\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\Phil\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\Phil\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer" ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml"Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml"Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\user.jsSuccessfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\searchplugins\bing-zugo.xmlSuccessfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\searchplugins\conduit.xmlSuccessfully deleted the following from C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\prefs.js user_pref("CT3311875.originalSearchEngineName", "Blekko");user_pref("CT3311875.smartbar.homepage", "true");user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search");user_pref("browser.search.order.1", "Blekko");user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);user_pref("smartbar.addressBarOwnerCTID", "CT3311875");user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875");user_pref("smartbar.homePageOwnerCTID", "CT3311875");user_pref("smartbar.machineId", "QPJYDPGLJVVO/RQFEGGVJQB0E4KO9UT+ANZUNGGLDYRGEDGWIRN01KJ+GFEFSU9ELBL2OHAJMVG/SQ4KFPORNQ");Emptied folder: C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\y0no2wyn.default\minidumps [27 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sat 11/16/2013 at 17:01:27.44End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes quick scan: Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.11.16.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Phil :: ARDEVUI [administrator] Protection: Enabled 11/16/2013 8:23:38 PMmbam-log-2013-11-16 (20-23-38).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 249807Time elapsed: 18 minute(s), 12 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) I will monitor behavior for a couple of days. thanks for the suggestions.
  17. btw MS forefront is NOT disabled. I turned it off in case it interfered with the diagnostic.
  18. dds.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.45.2Run by Phil at 8:03:16 on 2013-11-13Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16338.12590 [GMT -5:00].AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\System32\spoolsv.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\svchost.exe -k NetworkServiceC:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exeC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bluetooth Suite\adminservice.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exeC:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\MSI\Super-Charger\ChargeService.exeC:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exeC:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeC:\Program Files (x86)\Sendori\sndappv2.exeC:\Windows\SysWOW64\SAgent4.exeC:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exeC:\Program Files (x86)\Sendori\SendoriSvc.exeC:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exeC:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exeC:\Program Files (x86)\Bluetooth Suite\AthBtTray.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Users\Phil\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exeC:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exeC:\Users\Phil\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exeC:\Program Files (x86)\WinZip\WZQKPICK.EXEC:\Windows\SysWOW64\CTHELPER.EXEC:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exeC:\Users\Phil\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exeC:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exeC:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exeC:\Users\Phil\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exeC:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exeC:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exeC:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Sendori\SendoriTray.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\GoZone\GoZone_iSync.exeC:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exeC:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exeC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exeC:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Windows\notepad.exeC:\Program Files (x86)\Replay Music 5\ReplayMusic.exeC:\Program Files (x86)\Rhapsody\rhapsody.exeC:\Program Files (x86)\Rhapsody\rhaphlpr.exeC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files (x86)\Real\RealPlayer\update\realsched.exeC:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exeC:\Windows\system32\SearchProtocolHost.exeC:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exeC:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exeC:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exeC:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Sendori\Sendori.Service.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Phil\AppData\Local\Google\Update\Install\{D65D9906-A85A-416E-99C2-61C81210B0CA}\31.0.1650.48_30.0.1599.101_chrome_updater.exeC:\Users\Phil\AppData\Local\Temp\CR_6B499.tmp\setup.exeC:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exeC:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer, optimized for Bing and MSNuProxyOverride = 127.0.0.1;*.local;<local>uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"uRun: [Google Update] "C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [sansaDispatch] C:\Users\Phil\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exeuRun: [WorkForce 840(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S10B2.tmp" /EF "HKCU"uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_autouRun: [Amazon Cloud Player] C:\Users\Phil\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exeuRunOnce: [Application Restart #2] C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- http://r20.rs6.net/tn.jsp?e=001XMKMADkT1nVTywCPbfp-Es99unssZXxdwLA6_LDEH-zMe4sDQVdAMxV7qZB7EiMlq4mlw91XOYGo_I56_z_4SzvA93-2Mji3GGHOp6DCLObad-dq8zrVDw==mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [AsioReg] REGSVR32 /S CTASIO.DLLmRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLLmRun: [AudioDrvEmulator] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"mRun: [CTHelper] CTHELPER.EXEmRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startupmRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hidemRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStartmRun: [RCSystem] "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -StartupmRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exemRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exemRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"mRun: [updReg] C:\Windows\UpdReg.EXEmRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /rmRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - C:\Users\Phil\AppData\Local\Temp\WZSE0.TMP\Common\EpsonReg\EpsonReg.exeStartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exeStartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ATHOME~1.LNK - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXEuPolicies-Explorer: NoViewOnDrive = dword:0uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: DisableLocalMachineRun = dword:0uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0uPolicies-Explorer: DisableCurrentUserRun = dword:0uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0uPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoFile = dword:0uPolicies-Explorer: HideClock = dword:0uPolicies-Explorer: NoDevMgrUpdate = dword:0uPolicies-Explorer: NoDFSTab = dword:0uPolicies-Explorer: NoWindowsUpdate = dword:0uPolicies-Explorer: NoEncryptOnMove = dword:0uPolicies-Explorer: NoRunasInstallPrompt = dword:0uPolicies-Explorer: NoResolveTrack = dword:0uPolicies-Explorer: NoStartMenuSubFolders = dword:0uPolicies-System: NoDispAppearancePage = dword:0uPolicies-System: NoDispSettingsPage = dword:0mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: DisableLocalMachineRun = dword:0mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0mPolicies-Explorer: DisableCurrentUserRun = dword:0mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:0mPolicies-Explorer: NoFile = dword:0mPolicies-Explorer: HideClock = dword:0mPolicies-Explorer: NoDevMgrUpdate = dword:0mPolicies-Explorer: NoDFSTab = dword:0mPolicies-Explorer: NoWindowsUpdate = dword:0mPolicies-Explorer: NoEncryptOnMove = dword:0mPolicies-Explorer: NoRunasInstallPrompt = dword:0mPolicies-Explorer: NoResolveTrack = dword:0mPolicies-Explorer: NoStartMenuSubFolders = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: NoDispAppearancePage = dword:0mPolicies-System: NoDispSettingsPage = dword:0mPolicies-Explorer: NoViewOnDrive = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: DisableLocalMachineRun = dword:0mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0mPolicies-Explorer: DisableCurrentUserRun = dword:0mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:0mPolicies-Explorer: NoFile = dword:0mPolicies-Explorer: HideClock = dword:0mPolicies-Explorer: NoDevMgrUpdate = dword:0mPolicies-Explorer: NoDFSTab = dword:0mPolicies-Explorer: NoWindowsUpdate = dword:0mPolicies-Explorer: NoEncryptOnMove = dword:0mPolicies-Explorer: NoRunasInstallPrompt = dword:0mPolicies-Explorer: NoResolveTrack = dword:0mPolicies-Explorer: NoStartMenuSubFolders = dword:0mPolicies-System: NoDispAppearancePage = dword:0mPolicies-System: NoDispSettingsPage = dword:0IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}LSP: C:\Windows\System32\Sendori.dllTrusted Zone: turbotax.comTCP: NameServer = 192.168.1.1TCP: Interfaces\{A253051F-7A67-4D99-B018-DF33CF4B97DA} : DHCPNameServer = 192.168.1.1AppInit_DLLs= C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dllSSODL: WebCheck - <orphaned>x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dllx64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingx64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: WebCheck - <orphaned>x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\FF - prefs.js: browser.search.selectedEngine - SweetTunes SearchFF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dllFF - component: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dllFF - component: C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dllFF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dllFF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\y0no2wyn.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dllFF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.---- FIREFOX POLICIES ---- ============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-23 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-10-8 63760]R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200]R1 appliand;Applian LightWeight Filter;C:\Windows\System32\drivers\appliand.sys [2013-5-10 30304]R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-4-18 3246040]R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-10-7 120096]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-11-25 52896]R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe [2011-5-30 72704]R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-11-6 101888]R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-23 161560]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-4-23 138768]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-10-7 22304]R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-10-7 3623200]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-23 363800]R2 VideoAcceleratorService;VideoAcceleratorService;C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-4-18 285280]R3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-23 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-23 787736]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-1 25928]R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-4-23 32344]R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-4-23 14136]R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-23 648808]R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2012-6-13 44024]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-11-25 36000]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-11-25 298144]S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-11-25 201376]S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-11-25 55456]S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-11-25 154272]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-15 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-22 79360]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-5-29 18552]S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]S3 OV550I;OVT Scanner;C:\Windows\System32\drivers\ov550ivx.sys [2008-2-22 196992]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-6 19456]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-6 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-6 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-29 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464].=============== File Associations ===============.FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1".=============== Created Last 30 ================.2013-11-12 12:02:12 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B3743A-8290-4EAA-9795-44C2D4E6B5B9}\offreg.dll2013-11-12 11:42:33 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9B3743A-8290-4EAA-9795-44C2D4E6B5B9}\mpengine.dll2013-11-10 22:16:40 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-10 17:00:56 -------- d-----w- C:\AdwCleaner2013-11-08 00:37:33 -------- d-----w- C:\Program Files\iPod2013-11-08 00:37:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-11-08 00:37:32 -------- d-----w- C:\Program Files\iTunes2013-11-08 00:37:32 -------- d-----w- C:\Program Files (x86)\iTunes2013-11-06 10:33:23 -------- d-----w- C:\Users\Phil\AppData\Local\FreemakeVideoConverter2013-11-06 10:31:17 -------- d-----w- C:\ProgramData\Conduit2013-11-06 10:31:03 -------- d-----w- C:\Users\Phil\AppData\Local\NativeMessaging2013-11-06 10:30:58 -------- d-----w- C:\Users\Phil\AppData\Local\CRE2013-11-06 10:30:36 -------- d-----w- C:\Program Files (x86)\SearchProtect2013-11-06 10:30:25 -------- d-----w- C:\Users\Phil\AppData\Roaming\SearchProtect2013-11-06 10:29:08 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll2013-11-06 10:29:05 -------- d-----w- C:\ProgramData\Freemake2013-11-06 10:29:03 -------- d-----w- C:\ProgramData\Sendori2013-11-06 10:29:00 -------- d-----w- C:\Program Files (x86)\Sendori2013-11-06 10:28:55 -------- d-----w- C:\Program Files (x86)\Freemake2013-11-06 10:03:51 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine2013-11-06 09:26:29 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7C28E50-9553-47A3-820F-3FFC06861E76}\gapaengine.dll2013-11-03 14:08:30 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll.==================== Find3M ====================.2013-10-09 02:10:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-09 02:10:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-10-09 02:10:04 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll.============= FINISH: 8:05:02.10 =============== attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 5/14/2012 6:42:43 PMSystem Uptime: 11/9/2013 9:52:58 PM (83 hours ago).Motherboard: MSI | | Z77A-G43 (MS-7758)Processor: Intel® Core i5-2300 CPU @ 2.80GHz | SOCKET 0 | 2801/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 466 GiB total, 253.124 GiB free.D: is CDROM ()E: is CDROM (UDF)F: is FIXED (NTFS) - 932 GiB total, 371.897 GiB free.G: is FIXED (NTFS) - 932 GiB total, 186.896 GiB free.H: is RemovableI: is RemovableJ: is RemovableK: is RemovableL: is RemovableT: is NetworkDisk (NTFS) - 1832 GiB total, 924.952 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP218: 11/7/2013 5:56:50 PM - Windows UpdateRP219: 11/12/2013 6:42:05 AM - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)ABBYY FineReader 9.0 SprintAcronis True Image Home 2011Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.8)Amazon Cloud PlayerAmazon KindleAMD Catalyst Install ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateApplian DirectorApplian Network Monitor (3.0.8.1)ArcSoft PhotoImpression 6ARIS EXPRESSAtHomeConnect version 1.0.1.0BIG-IP Edge Client ComponentsBIG-IP Edge Client Components (All Users)BlackBerry Desktop Software 7.1Bluetooth Win7 Suite (64)BonjourBoris Graffiti for CorelCain & Abel v4.9.41CameraHelperMsiCatalyst Control Center InstallProxyCisco WebEx MeetingsCommonCompatibility Pack for the 2007 Office systemContentsCorel PaintShop Pro X4Corel PaintShop Pro X4 Ultimate Bonus PackCorel VideoStudio Pro X4 UltimateCreative ALchemyCreative Audio Control PanelCreative Audio PackCreative Console LauncherCreative MediaSource 5Creative Smart RecorderCreative Software AutoUpdateCreative Sound Blaster Properties x64 EditionCreative WaveStudio 7DeviceIOEpson CreativeZoneEpson Easy Photo Print 2Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)Epson Easy Photo Print Plug-in for Windows Live Photo GalleryEpson Easy Photo Print Plug-in for Windows Live Photo Gallery SetupEpson Event ManagerEpson FAX UtilityEpson PC-FAX DriverEPSON ScanEPSON WorkForce 840 Series Printer UninstallEpsonNet PrintEpsonNet Setup 3.3erLTEye-Fi Center 3.4Forté AgentFreemake Video Converter version 4.1.0Google ChromeGoogle Talk PluginGoZone iSyncH&R Block Deluxe + Efile + State 2010H&R Block Deluxe + Efile + State 2011H&R Block Deluxe + Efile + State 2012H&R Block Pennsylvania 2010H&R Block Pennsylvania 2011H&R Block Pennsylvania 2012ICAIHA_MessageCenterIntel® Management Engine ComponentsIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientIPM_PSP_COMIPM_VS_ProISCOMiSofter DVD Ripper Platinum 1.0.2006.912iTunesJava 7 Update 45Java Auto UpdaterLightScribe ApplicationsLightScribe System SoftwareLogitech Harmony Remote Software 7Logitech SetPoint 6.20Logitech Webcam SoftwareLTCM ClientLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Digital Image Library 10Microsoft Digital Image Library 9 - BlockerMicrosoft Digital Image Pro 10Microsoft Digital Image Suite 10Microsoft Endpoint Protection Management ComponentsMicrosoft Forefront Endpoint ProtectionMicrosoft Forefront Endpoint Protection 2010 Server ManagementMicrosoft HealthVault Connection CenterMicrosoft HealthVault Connection Center ConfigurationMicrosoft IntelliPoint 8.2Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook ConnectorMicrosoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Edition 2003Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programsMicrosoft Security ClientMicrosoft SilverlightMicrosoft SQL Server Compact 3.5 SP1 EnglishMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMSI Afterburner 2.1.0MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)Napster Download ManagerNCH Tone GeneratorNero 10 Menu TemplatePack BasicNero 10 Movie ThemePack BasicNero 2014Nero 2014 Content PackNero Abstract ThemesNero Audio Pack 1Nero BackItUp 10Nero BackItUp 10 Help (CHM)Nero Blu-ray PlayerNero Blu-ray Player Help (CHM)Nero Burning CoreNero Burning ROMNero Burning ROM 10Nero Burning ROM Help (CHM)Nero BurningROM 10 Help (CHM)Nero BurnRights 10Nero BurnRights 10 Help (CHM)Nero ClipartsNero Control Center 10Nero ControlCenterNero ControlCenter 10 Help (CHM)Nero ControlCenter Help (CHM)Nero Core ComponentsNero Core Components 10Nero CoverDesigner 10Nero CoverDesigner 10 Help (CHM)Nero Disc Menus 1Nero Disc Menus 2Nero Disc Menus 3Nero Disc Menus BasicNero Disc to DeviceNero DiscSpeed 10Nero DiscSpeed 10 Help (CHM)Nero Effects BasicNero ExpressNero Express 10Nero Express 10 Help (CHM)Nero Express Help (CHM)Nero Family and Events ThemesNero Football (Soccer) ThemesNero Holiday and Sports ThemesNero Image SamplesNero InfoNero InfoTool 10Nero InfoTool 10 Help (CHM)Nero Kwik Themes BasicNero LauncherNero MediaHomeNero MediaHome Help (CHM)Nero Multimedia Suite 10Nero PiP Effects 1Nero PiP Effects BasicNero Platinum Effects 12Nero RecodeNero Recode 10Nero Recode 10 Help (CHM)Nero Recode Help (CHM)Nero RescueAgentNero RescueAgent 10Nero RescueAgent 10 Help (CHM)Nero RescueAgent Help (CHM)Nero Retro Film ThemesNero SharedVideoCodecsNero SoundTrax 10Nero SoundTrax 10 Help (CHM)Nero StartSmart 10Nero StartSmart 10 Help (CHM)Nero UpdateNero VideoNero Video Help (CHM)Nero Video SamplesNero Video Transitions 1Nero Vision 10Nero Vision 10 Help (CHM)Nero WaveEditor 10Nero WaveEditor 10 Help (CHM)NVIDIA 3D Vision Controller Driver 310.70NVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA HD Audio Driver 1.3.18.0NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsOctoshape add-in for Adobe Flash PlayerOmron Drivers for HealthVaultOpenALOpera 11.62Opera 12.00Opera Stable 16.0.1196.73OVT ScannerPC Auto BackupPC Shower 2011 6.7Pdf995 (installed by H&R Block)PdfEdit995 (installed by H&R Block)PocketCloud Windows CompanionPrerequisite installerproDAD Mercalli 2.0PSPPContentPSPPHelpPSPPro64PureHDQuickTimeRadmin Viewer 3.4RapportRAR Password Recovery 5.0RealNetworks - Microsoft Visual C++ 2005 RuntimeRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealUpgrade 1.1Remote Control USB DriverReplay Converter 4Replay Media Catcher 5 (5.0.0.89)Replay Media Splitter 2.2.1302.21Replay Music 5Replay Telecorder for Skype 1.3.0.18Replay Video Capture 6RhapsodySAMSUNG Intelli-studioSansa UpdaterSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition SendoriSetupShareShare64SmartSound Common DataSmartSound Quicktracks 5Sound Blaster X-FiSoundFont Bank ManagerSpeedFan (remove only)StartNow ToolbarStellarium 0.11.0Super-ChargerUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Video PadlockVIOVSClassicVSUltimateVz In-Home AgentWavePad Sound EditorWindows Driver Package - Acer, Inc (androidusb) USB (04/07/2011 1.0.0010.00000)Windows Media Encoder 9 SeriesWindows Media Player Firefox PluginWinkiWinPcap 4.1.2WinZip 15.5.==== Event Viewer Messages From Past Week ========.11/9/2013 9:57:15 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).11/9/2013 9:57:15 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.11/9/2013 9:55:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 WRkrn11/9/2013 9:55:12 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.11/9/2013 9:53:26 PM, Error: Service Control Manager [7000] - The WRSVC service failed to start due to the following error: The system cannot find the file specified.11/9/2013 9:53:05 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.11/6/2013 9:49:37 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Service Sendori service, but this action failed with the following error: An instance of the service is already running.11/6/2013 9:29:37 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.11/13/2013 7:50:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.11/13/2013 7:49:57 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.11/12/2013 7:11:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.11/12/2013 7:11:30 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/12/2013 7:11:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}11/10/2013 3:51:34 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified..==== End Of File ===========================
  19. hi, I an a subscriber to Malwarebytes PRO. please find attached dds.txt and attach.zip thanks DDS.txt Attach.zip
  20. I was looking for a way to share youtube videos with someone who does not use computers. I found a program called Freemake Video Converter that seems to meet my needs. In the process of installing I failed to notice it would install a bunch of other stuff. while the converter works well, the other stuff hijacked my browsers and starting sending annoying pop-ups for surveys claiming to be related to the sites I was visiting. I was able to clean some f this up by running a full scan with Malwarebytes, and by fixing up changes to my browser settings. the ad popups remain though. these are merely highly annoying, but I would still like to kill them off. all malware scans are negative so i assume it is either "incognito" or a residual browser hack somewhere. any ideas? thanks. mbam-log-2013-11-06 (06-23-38).txt
  21. Well, in the end I gambled and replaced the Cpu. That sens to have done the trick. My new ca's can circulate about twice the air so I should be ok. Thanks for the advice!
  22. hi, thanks for the suggestion. In fact the heatsink fan had come loose, but it LOOKED LIKE the heatsink was intact. it certainly can't hurt trying to reseat the cpu and reattach the heatsink/fan combo. I'll let you know later. Phil
  23. I recently upgraded my video card, only to find that the card ran too hot for the ventilation in my case. I got a better case, but I suspect either the damage was already done, or I was careless in moving the motherboard to the new case. right now, the power all fires up just fine, but I do not get any POST indication at all, and the video display is not active. no ominous beeps, nothing, even if I yank the video card. is there any way I can confirm the suspicion without buying another mobo and/or CPU? this is an ASUS P5N-E Sli with an intel E-series processor, though I don't think that information is relevant at this stage. I had planned to upgrade later in 2012, so I might just have to move that date up a bit. maybe a lot... thanks, phil
  24. Hi, I added an ASUS BT-211 to my XP computer at home, with no good result. is there any way to get windows to cough up more details on what's wrong? I am happy to try to figure it out myself, but all XP tells me is that the install failed. I am using the latest released drivers. ASUS is normally very slow to respond. this is not particularly urgent for me right now, just annoying.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.